chore: bump the development-dependencies group with 3 updates

[dependabot]

Bumps the development-dependencies group with 3 updates: sphinx, tomli and black.

Updates sphinx from 8.0.2 to 8.1.3

Release notes

Sourced from sphinx's releases.

Sphinx 8.1.3

Changelog: https://www.sphinx-doc.org/en/master/changes/8.1.html

Bugs fixed

• #13013: Restore support for cut_lines() with no object type. Patch by Adam Turner.

Sphinx 8.1.2

Changelog: https://www.sphinx-doc.org/en/master/changes/8.1.html

Bugs fixed

• #13012: Expose sphinx.errors.ExtensionError in sphinx.util for backwards compatibility. This will be removed in Sphinx 9, as exposing the exception in sphinx.util was never intentional. ExtensionError has been part of sphinx.errors since Sphinx 0.9. Patch by Adam Turner.

Sphinx 8.1.1

Changelog: https://www.sphinx-doc.org/en/master/changes/8.1.html

Bugs fixed

• #13006: Use the preferred https://www.cve.org/ URL for the :cve: role. Patch by Hugo van Kemenade.
• #13007: LaTeX: Improve resiliency when the required fontawesome or fontawesome5 packages are not installed. Patch by Jean-François B.

Sphinx 8.1.0

Changelog: https://www.sphinx-doc.org/en/master/changes/8.1.html

Dependencies

• #12756: Add lower-bounds to the sphinxcontrib-* dependencies. Patch by Adam Turner.
• #12833: Update the LaTeX parskip package from 2001 to 2018. Patch by Jean-François B.

Incompatible changes

• #12763: Remove unused internal class sphinx.util.Tee. Patch by Adam Turner.
• #12822: LaTeX: for Unicode engines, the fvset default is changed to '\\fvset{fontsize=auto}' from '\\fvset{fontsize=\\small}'. Code-blocks are unchanged as FreeMono is now loaded with Scale=0.9. An adjustment to existing projects is needed only if they used a custom fontpkg configuration and did not set fvset.

... (truncated)

Changelog

Sourced from sphinx's changelog.

Release 8.1.3 (released Oct 13, 2024)

Bugs fixed

• #13013: Restore support for :func:!cut_lines with no object type. Patch by Adam Turner.

Release 8.1.2 (released Oct 12, 2024)

Bugs fixed

• #13012: Expose :exc:sphinx.errors.ExtensionError in sphinx.util for backwards compatibility. This will be removed in Sphinx 9, as exposing the exception in sphinx.util was never intentional. :exc:!ExtensionError has been part of sphinx.errors since Sphinx 0.9. Patch by Adam Turner.

Release 8.1.1 (released Oct 11, 2024)

Bugs fixed

• #13006: Use the preferred https://www.cve.org/ URL for the :rst:role::cve: <cve> role. Patch by Hugo van Kemenade.
• #13007: LaTeX: Improve resiliency when the required fontawesome or fontawesome5 packages are not installed. Patch by Jean-François B.

Release 8.1.0 (released Oct 10, 2024)

Dependencies

• #12756: Add lower-bounds to the sphinxcontrib-* dependencies. Patch by Adam Turner.
• #12833: Update the LaTeX parskip package from 2001 to 2018. Patch by Jean-François B.

Incompatible changes

• #12763: Remove unused internal class sphinx.util.Tee.

... (truncated)

Commits

• a1510de Bump to 8.1.3 final
• 62e9606 Restore support for cut_lines() with no object type (#13015)
• 5ae32ce Bump version
• a72b47b Bump to 8.1.2 final
• 39a45ad Expose ExtensionError in sphinx.util for backwards compatibility.
• 5a4859a Add docs about sphinx-autobuild (#13011)
• 05679ef Type-check the 'autodoc_intenum' example (#12827)
• 86d1d31 Prune CHANGES of unneeded sections
• b6269d3 Improve documentation for the Builder API (#13008)
• c46abc4 Improve clarity for master_doc and root_doc
• Additional commits viewable in compare view

Updates tomli from 2.0.1 to 2.2.1

Changelog

Sourced from tomli's changelog.

2.2.1

• Fixed
  • Don't attempt to compile binary wheels for Python 3.8, 3.9 and 3.10 where cibuildwheel depends on a conflicting Tomli version

2.2.0

• Added
  • mypyc generated binary wheels for common platforms

2.1.0

• Deprecated
  • Instantiating TOMLDecodeError with free-form arguments. msg, doc and pos arguments should be given.
• Added
  • msg, doc, pos, lineno and colno attributes to TOMLDecodeError

2.0.2

• Removed
  • Python 3.7 support
• Improved
  • Make loads raise TypeError not AttributeError on bad input types that do not have the replace attribute. Improve error message when bytes is received.
• Type annotations
  • Type annotate load input as typing.IO[bytes] (previously typing.BinaryIO).

Commits

• 73c3d10 Bump version: 2.2.0 → 2.2.1
• 7c2368d Don't build wheels for Python versions requiring tomli
• c48e4e1 Bump version: 2.1.0 → 2.2.0
• 7604741 Update README
• 0724e2a Annotate global constants as Final to speed up compiled code
• 149547d Create binary wheels with mypyc (#242)
• 443a0c1 pre-commit autoupdate and autofix
• 48461cf Merge pull request #240 from hukkin/version-2.1.0
• d6e045b Bump version: 2.0.2 → 2.1.0
• d1d6a85 Add attributes to TOMLDecodeError. Deprecate free-form __init__ args (#238)
• Additional commits viewable in compare view

Updates black from 24.8.0 to 24.10.0

Release notes

Sourced from black's releases.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

Changelog

Sourced from black's changelog.

24.10.0

Highlights

• Black is now officially tested with Python 3.13 and provides Python 3.13 mypyc-compiled wheels. (#4436) (#4449)
• Black will issue an error when used with Python 3.12.5, due to an upstream memory safety issue in Python 3.12.5 that can cause Black's AST safety checks to fail. Please use Python 3.12.6 or Python 3.12.4 instead. (#4447)
• Black no longer supports running with Python 3.8 (#4452)

Stable style

• Fix crashes involving comments in parenthesised return types or X | Y style unions. (#4453)
• Fix skipping Jupyter cells with unknown %% magic (#4462)

Preview style

• Fix type annotation spacing between * and more complex type variable tuple (i.e. def fn(*args: *tuple[*Ts, T]) -> None: pass) (#4440)

Caching

• Fix bug where the cache was shared between runs with and without --unstable (#4466)

Packaging

• Upgrade version of mypyc used to 1.12 beta (#4450) (#4449)
• blackd now requires a newer version of aiohttp. (#4451)

Output

• Added Python target version information on parse error (#4378)
• Add information about Black version to internal error messages (#4457)

Commits

• 1b2427a Prepare release 24.10.0 (#4471)
• a22b1eb Add mypyc 3.13 wheel build (#4449)
• b7d0e72 Bump AndreMiras/coveralls-python-action from 65c1672f0b8a201702d86c81b79187df...
• f1a2f92 Include --unstable in cache key (#4466)
• 8d9d18c Fix skipping Jupyter cells with unknown %% magic (#4462)
• bbfdba3 Fix docs CI: use venv for uv to fix 'failed to create directory' (#4460)
• 8fb2add Use builtin generics (#4458)
• 2a45cec Fix crashes with comments in parentheses (#4453)
• b4d6d86 Drop Python 3.8 support (#4452)
• ac018c1 Require newer aiohttp for blackd (#4451)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Scorecard details

Package	Version	Score	Details
pip/black	24.10.0	🟢 6.6	Details Check Score Reason Code-Review 🟢 8 Found 22/25 approved changesets -- score normalized to 8 Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 27 commit(s) and 13 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Packaging 🟢 10 packaging workflow detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/certifi	2024.12.14	🟢 7.2	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Maintained 🟢 10 9 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 6 Found 2/3 approved changesets -- score normalized to 6 Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing ⚠️ 0 project is not fuzzed Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/charset-normalizer	3.4.1	🟢 8.1	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 8 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 6 out of 6 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 2 badge detected: InProgress Code-Review ⚠️ 0 Found 0/3 approved changesets -- score normalized to 0 Contributors 🟢 3 project has 1 contributing companies or organizations -- score normalized to 3 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 5 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases 🟢 10 5 out of the last 5 releases have a total of 5 signed artifacts. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/click	8.1.8	🟢 7.2	Details Check Score Reason Code-Review 🟢 7 Found 14/20 approved changesets -- score normalized to 7 Maintained 🟢 10 30 commit(s) and 7 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Signed-Releases 🟢 10 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Security-Policy 🟢 9 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/jinja2	3.1.5	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 8 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo Code-Review 🟢 4 Found 7/15 approved changesets -- score normalized to 4 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Signed-Releases 🟢 10 3 out of the last 3 releases have a total of 3 signed artifacts. Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Security-Policy 🟢 9 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/markupsafe	3.0.2	🟢 6.7	Details Check Score Reason Code-Review ⚠️ 0 Found 0/24 approved changesets -- score normalized to 0 Binary-Artifacts 🟢 10 no binaries found in the repo Maintained 🟢 10 25 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies 🟢 6 dependency not pinned by hash detected -- score normalized to 6 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Security-Policy 🟢 9 security policy file detected Packaging 🟢 10 packaging workflow detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Signed-Releases 🟢 10 5 out of the last 5 releases have a total of 5 signed artifacts. SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/packaging	24.2	🟢 7.6	Details Check Score Reason Code-Review 🟢 8 Found 21/25 approved changesets -- score normalized to 8 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 10 commit(s) and 11 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 4 binaries present in source code Security-Policy 🟢 9 security policy file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 10 all dependencies are pinned CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST 🟢 10 SAST tool is run on all commits
pip/pygments	2.19.1	🟢 6.1	Details Check Score Reason Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 2 Found 8/27 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 3 issue activity found in the last 90 days -- score normalized to 10 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts 🟢 10 no binaries found in the repo Fuzzing 🟢 10 project is fuzzed SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0
pip/sphinx	8.1.3	🟢 5.3	Details Check Score Reason Code-Review ⚠️ 0 Found 2/29 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 10 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected License 🟢 9 license file detected Packaging ⚠️ -1 packaging workflow not detected Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Signed-Releases ⚠️ -1 no releases found Security-Policy ⚠️ 0 security policy file not detected Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Binary-Artifacts 🟢 10 no binaries found in the repo SAST ⚠️ 1 SAST tool is not run on all commits -- score normalized to 1 Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Vulnerabilities 🟢 8 2 existing vulnerabilities detected
pip/tomli	2.2.1	🟢 5.7	Details Check Score Reason Maintained 🟢 10 15 commit(s) and 1 issue activity found in the last 90 days -- score normalized to 10 Code-Review 🟢 3 Found 8/22 approved changesets -- score normalized to 3 Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Fuzzing 🟢 10 project is fuzzed Security-Policy ⚠️ 0 security policy file not detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities 🟢 9 1 existing vulnerabilities detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/urllib3	2.3.0	🟢 8.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 5 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 30 out of 30 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices 🟢 5 badge detected: Passing Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 123 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 10 license file detected Maintained 🟢 10 30 commit(s) and 15 issue activity found in the last 90 days -- score normalized to 10 Packaging 🟢 10 packaging workflow detected Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 10 security policy file detected Signed-Releases 🟢 8 4 out of the last 5 releases have a total of 4 signed artifacts. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 6 4 existing vulnerabilities detected

Scanned Files

• Pipfile.lock

[dependabot]

Superseded by #155.