build(deps-dev): bump the python-dependencies group in /python with 11 updates

[dependabot]

Updates the requirements on sphinx, furo, esbonio, sphinx-autobuild, sphinx-click, sphinx-substitution-extensions, sphinx-inline-tabs, ruff, typos, pre-commit and ty to permit the latest version.
Updates sphinx to 9.1.0

Release notes

Sourced from sphinx's releases.

Sphinx 9.1.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Dependencies

• #14153: Drop Python 3.11 support.
• #12555: Drop Docutils 0.20 support. Patch by Adam Turner

Features added

• Add add_static_dir() for copying static assets from extensions to the build output. Patch by Jared Dillard

Bugs fixed

• #14189: autodoc: Fix duplicate :no-index-entry: for modules. Patch by Adam Turner
• #13713: Fix compatibility with MyST-Parser. Patch by Adam Turner
• Fix tests for Python 3.15. Patch by Adam Turner
• #14089: autodoc: Fix default option parsing. Patch by Adam Turner
• Remove incorrect static typing assertions. Patch by Adam Turner
• #14050: LaTeXTranslator fails to build documents using the "acronym" standard role. Patch by Günter Milde
• LaTeX: Fix rendering for grid filled merged vertical cell. Patch by Tim Nordell
• #14228: LaTeX: Fix overrun footer for cases of merged vertical table cells. Patch by Tim Nordell
• #14207: Fix creating HTMLThemeFactory objects in third-party extensions. Patch by Adam Turner
• #3099: LaTeX: PDF build crashes if a code-block contains more than circa 1350 codelines (about 27 a4-sized pages at default pointsize). Patch by Jean-François B.
• #14064: LaTeX: TABs ending up in sphinxVerbatim fail to obey tab stops. Patch by Jean-François B.
• #14089: autodoc: Improve support for non-weakreferencable objects. Patch by Adam Turner
• LaTeX: Fix accidental removal at 3.5.0 (#8854) of the documentation of literalblockcappos key of sphinxsetup. Patch by Jean-François B.

Changelog

Sourced from sphinx's changelog.

Release 9.1.0 (released Dec 31, 2025)

Dependencies

• #14153: Drop Python 3.11 support.
• #12555: Drop Docutils 0.20 support. Patch by Adam Turner

Features added

• Add :meth:~sphinx.application.Sphinx.add_static_dir for copying static assets from extensions to the build output. Patch by Jared Dillard

Bugs fixed

• #14189: autodoc: Fix duplicate :no-index-entry: for modules. Patch by Adam Turner
• #13713: Fix compatibility with MyST-Parser. Patch by Adam Turner
• Fix tests for Python 3.15. Patch by Adam Turner
• #14089: autodoc: Fix default option parsing. Patch by Adam Turner
• Remove incorrect static typing assertions. Patch by Adam Turner
• #14050: LaTeXTranslator fails to build documents using the "acronym" standard role. Patch by Günter Milde
• LaTeX: Fix rendering for grid filled merged vertical cell. Patch by Tim Nordell
• #14228: LaTeX: Fix overrun footer for cases of merged vertical table cells. Patch by Tim Nordell
• #14207: Fix creating HTMLThemeFactory objects in third-party extensions. Patch by Adam Turner
• #3099: LaTeX: PDF build crashes if a code-block contains more than circa 1350 codelines (about 27 a4-sized pages at default pointsize). Patch by Jean-François B.
• #14064: LaTeX: TABs ending up in sphinxVerbatim fail to obey tab stops. Patch by Jean-François B.
• #14089: autodoc: Improve support for non-weakreferencable objects. Patch by Adam Turner
• LaTeX: Fix accidental removal at 3.5.0 (#8854) of the documentation of literalblockcappos key of :ref:'sphinxsetup' <latexsphinxsetup>. Patch by Jean-François B.

Commits

• cc7c6f4 Bump to 9.1.0 final
• b127b94 Add app.add_static_dir() for copying extension static files (#14219)
• 20f1c46 LaTeX: Inhibit breaks for rows with merged vertical cells (#14227)
• 3c85411 Polish CHANGES.rst (#14225)
• 9ee5446 LaTeX: restore 1.7 documentation of literalblockcappos (#14224)
• d75d602 LaTeX: improve (again...) some code comments in time for 9.1.0 (#14222)
• 8dca61d Improve some LaTeX code comments (#14220)
• 8ab9600 Bump to 9.1.0 candidate 2
• d59b237 autodoc: Improve support for non-weakreferencable objects
• 964424b Use the correct reference for using existing extensions (#14157)
• Additional commits viewable in compare view

Updates furo to 2025.12.19

Release notes

Sourced from furo's releases.

2025.12.19

• Bump the supported Sphinx version range

Full Changelog: pradyunsg/furo@2025.09.25...2025.12.19

Changelog

Sourced from furo's changelog.

2025.12.19 -- Harmonious Honeydew

• ✨ Add support for Sphinx 9.
• Drop support for Sphinx 6.

2025.09.25 -- Gleaming Green

• Change the dark mode code back to native.

2025.07.19 -- Frozen Flame

• ✨ Switch to accessible-pygments themes
• ✨ Prefetch the sidebar logos
• ✨ Fix flickering header drop shadow on Safari
• Add rel=edit attribute to "Edit this page" link/icon
• Bump NodeJS and npm dependency versions
• Bump Saas & Webpack major versions
• Improve current page detection to be resilient to sticky elements above header
• Modernise Sass and use @use + @forward
• Remove top of code border-radius with captions
• Remove "debug printf" for headerTop value
• Use distinct images for light and dark mode in the documentation
• Use the modern Saas Modules

2024.08.06 -- Energetic Eminence

• ✨ Add support for Sphinx 8
• ✨ Add smoother transitions between breakpoints
• Increase specificity of table-wrapper selector
• Avoid page breaks inside paragraphs

2024.07.18 -- Dull Denim

• Improve how icons are handled and aligned.
• Improve scroll event handler.
• Hide the copybutton by default.
• Fix source_view_link configuration handling.
• Fix close tag on pencil icon.

2024.05.06 -- Cheerful Cerulean

• ✨ Add new custom icons for auto mode, reflecting the currently active theme.
• ✨ Add a view this page button.
• ✨ Add colours and highlighting to "version modified" API helpers.
• ✨ Add release information to various customisation knobs.
• Make all icons bigger and use a thinner stroke with them.

2024.04.27 -- Bold Burgundy

• Add a skip to content link.

... (truncated)

Commits

• dd9e9f9 Prepare release: 2025.12.19
• d43f7e9 Update changelog
• d27cab5 Bump the supported Sphinx version range
• 12f288e Back to development
• 7c5f8fa Prepare release: 2025.09.25
• 8bfdc54 Update changelog
• d92b62f Switch the dark mode theme back to native
• 83c3446 Add Blender to "used by" section (#898)
• 426ea05 Remove old scrollbar selectors (#892)
• d22d31c Remove trailing slash on void elements (#895)
• Additional commits viewable in compare view

Updates esbonio to 2.0.0

Release notes

Sourced from esbonio's releases.

Esbonio Language Server v2.0.0 - 2026-04-11

v2.0.0 - 2026-04-11

Breaking Changes

• Drop support for Sphinx v6. (#1086)

• The default values for the following configuration options have been changed.

  • esbonio.logging.level now defaults to info
  • esbonio.server.completion.preferredInsertBehavior now defaults to insert

  (#1094)

• The default values for the following configuration options have been changed.

  • esbonio.logging.format now defaults to [%(method)s(%(msgid)s)][%(name)s] %(message)s

  Only log messages associated with the LSP methods initialize, initialized, textDocument/didOpen and workspace/didChangeConfiguration are shown by default, regardless of logging level.

  (#1095)

• The esbonio command no longer starts the server, instead the server is launched by running esbonio server, or by invoking the python -m esbonio.server (#1098)

Features

• Add support for Sphinx v9 by @​gastmaier (#1085)
• Introduce the esbonio.logging.enabledMethods option which can be used to override the list of LSP methods for which log messages are shown. (#1095)

Enhancements

• The esbonio.sphinx.pythonCommand can now be set to a single string, useful when working with virtual environments by @​gastmaier (#1085)

Commits

• 0832ee4 Esbonio Language Server Release v2.0.0
• bcb7488 Merge pull request #1102 from swyddfa/develop
• 6394447 code: Update changelog
• b1c4bcd workflow: Be specific about bundled esbonio version
• 509420c code: bump python dependencies
• 713877c code: bump node dependencies
• 8bbe9e5 docs: update migration guide
• 4351749 lsp: Introduce cli subcommands
• fa30e22 [pre-commit.ci] auto fixes from pre-commit.com hooks
• 5ad29e2 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Updates sphinx-autobuild to 2025.8.25

Changelog

Sourced from sphinx-autobuild's changelog.

Changelog

unreleased

• Set Cache-Control header to no-cache for served files.

2025.08.25 - 2025-08-25

• Drop support for Python 3.9-3.10 to match Sphinx.
• Declare support for Python 3.14.
• Add an optional --post-build flag to run additional commands after building the documentation.
• Add support for the SPHINX_AUTOBUILD_DEBUG environment variable to help with debugging.

2024.10.03 - 2024-10-03

• Improve error handling for failures in pre-build commands.

2024.10.02 - 2024-10-02

• Show the changed paths that triggered the rebuild.

2024.09.19 - 2024-09-19

• Fix path filtering on Windows by normalising path separators.
• Filter various directories by default (.git, venv, etc).
• Serve the correct directory when using make mode (-M).

2024.09.18 - 2024-09-18

• Run Sphinx through the Python entry point rather than the binary on PATH.

2024.09.17 - 2024-09-17

• Relax checks for paths that aren't required to exist.

2024.09.03 - 2024-09-03

• Fix support for Python 3.9.
• Fix running sphinx-autobuild via entry point scripts.

... (truncated)

Commits

• fd726c5 Release 2025.08.25
• f810750 Update pre-commit versions
• 12e0553 Format pyproject.toml
• 6d039d4 Declare support for Python 3.14
• c4a47b0 Fix name of 'test' nox session in docs (#193)
• 48fcf5c Fix --help with Python 3.14 and Sphinx 8.2.3 (#199)
• 0c52892 Add SPHINX_AUTOBUILD_DEBUG to aid debugging (#192)
• cc58cc1 Add a --post-build argument (#190)
• 92bcf10 Require Python 3.11 or newer, to match Sphinx (#189)
• 86e2f37 Release 2024.10.03
• Additional commits viewable in compare view

Updates sphinx-click to 6.2.0

Commits

• e8eb75e add release notes with reno
• 46f6445 fix tests
• 722f421 print "Usage" before printing the command usage
• ebc3817 Fix readthedocs build (redux)
• 9ee09f9 Fix readthedocs build
• 58473a8 Migrate to trusted publishing
• 0d4f938 Drop support for Python < 3.10, add Python 3.13
• 073353a Migrate setuptools, mypy configuration to pyproject.toml
• 83a5a17 Prefer Group over MultiCommand
• d9705e8 Bump actions versions
• Additional commits viewable in compare view

Updates sphinx-substitution-extensions to 2026.1.12

Changelog

Sourced from sphinx-substitution-extensions's changelog.

Changelog

.. contents::

Next

• Drop Python 3.10 support (requires Python >=3.11).
• Pin Sphinx to <9 in dev dependencies for sphinx_toolbox compatibility in sample project.

2026.01.12

• Fix bug where SubstitutionXRefRole removed all occurrences of "substitution-" from CSS class names instead of only the prefix.

2025.12.15

2025.11.17

• Give version in extension metadata.

• literalinclude directive now supports the following options:

  • :content-substitutions: - Performs substitutions on the included file content.
  • :path-substitutions: - Performs substitutions on the file path.

• image directive now supports the following option:

  • :path-substitutions: - Performs substitutions on the image file path.

• Add substitutions_default_enabled configuration option to enable substitutions by default. When set to True in conf.py:

  • Substitutions are applied to all code-block directives without requiring the :substitutions: flag. Use the :nosubstitutions: flag on individual code blocks to disable substitutions when the default is enabled.
  • Substitutions are applied to all literalinclude directives (both content and path) without requiring the :content-substitutions: or :path-substitutions: flags. Use the :nocontent-substitutions: or :nopath-substitutions: flags on individual literalinclude directives to disable substitutions when the default is enabled.
  • Substitutions are applied to all image directives (path) without requiring the :path-substitutions: flag. Use the :nopath-substitutions: flag on individual image directives to disable substitutions when the default is enabled.

2025.10.24

2025.06.06

2025.04.03

... (truncated)

Commits

• a1c97cb Bump CHANGELOG
• ca6eb90 Merge pull request #1329 from adamtheturtle/fix-removeprefix-bug-1328
• ea190ee Add changelog entry
• f8df268 Make test more robust
• d8a7b6d Remove useless comments
• dbcdf9a Simplify docstring
• cf937c5 Make test pass
• 1255019 Add failing test
• d0cd59a Merge pull request #1327 from adamtheturtle/dependabot/pip/ruff-0.14.11
• 7b9738f Bump ruff from 0.14.10 to 0.14.11
• Additional commits viewable in compare view

Updates sphinx-inline-tabs to 2025.12.21.14

Commits

• 7f95645 Prepare release: 2025.12.21.14
• 1bbb464 Add annotation for setup(app)
• 3d24c7a Docutils 0.22 compatibility (#51)
• 5e91213 Modernise project metadata (#49)
• 12a2ee2 Merge pull request #47 from nineteendo/nineteendo-patch-1
• f8d2037 Use empty tag
• 5bb7a4b Merge pull request #42 from nedbat/patch-1
• df1e907 Update pyproject.toml to include a doc link
• 2dd55d2 Merge pull request #35 from pradyunsg/pre-commit-ci-update-config
• fcbdcc9 [pre-commit.ci] pre-commit autoupdate
• Additional commits viewable in compare view

Updates ruff from 0.15.10 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdtest crate (#24616)
• 725fbb7 [ty] Use partially qualified names when reporting diagnostics regarding bad c...
• ddd6a30 [ty] Do not suggest argument completion when at value of keyword argument (#2...
• 9282e61 Disallow @​disjoint_base on TypedDicts and Protocols (#24671)
• e9986d8 [ty] Reject using properties with Never setters or deleters (#24510)
• 9cf212f [ty] Normalize property setter and deleter wrappers (#24509)
• 12a1589 Add override mention to ASYNC109 docs (#24666)
• dccb03d [ty] Avoid panicking on overloaded Callable type context (#24661)
• 61f9a0a [ty] Sync vendored typeshed stubs (#24646)
• Additional commits viewable in compare view

Updates typos to 1.45.1

Release notes

Sourced from typos's releases.

v1.45.1

[1.45.1] - 2026-04-13

Fixes

• (action) Use a temp dir for caching

Changelog

Sourced from typos's changelog.

[1.45.1] - 2026-04-13

Fixes

• (action) Use a temp dir for caching

[1.45.0] - 2026-04-01

Features

• Updated the dictionary with the March 2026 changes

[1.44.0] - 2026-02-27

Features

• Updated the dictionary with the February 2026 changes

[1.43.5] - 2026-02-16

Fixes

• (pypi) Hopefully fix the sdist build

[1.43.4] - 2026-02-09

Fixes

• Don't correct pincher

[1.43.3] - 2026-02-06

Fixes

• (action) Adjust how typos are reported to github

[1.43.2] - 2026-02-05

Fixes

• Don't correct certifi in Python

[1.43.1] - 2026-02-03

Fixes

• Don't correct consts

[1.43.0] - 2026-02-02

... (truncated)

Commits

• cf5f1c2 chore: Release
• 485d425 docs: Update changelog
• 2fe77ce Merge pull request #1539 from epage/action
• a9595ea fix(action): Leave binary in temp dir
• 02ea592 chore: Release
• b859c0d chore: Release
• 6fd32ce docs: Update changelog
• 7626d89 Merge pull request #1530 from crate-ci/renovate/j178-prek-action-2.x
• 2c9510c Merge pull request #1532 from epage/march
• 265b88f feat(dict): March updates
• Additional commits viewable in compare view

Updates pre-commit to 4.5.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

• Fix language: python with repo: local without additional_dependencies.
  • #3597 PR by @​asottile.

4.5.0 - 2025-11-22

Features

• Add pre-commit hazmat.
  • #3585 PR by @​asottile.

4.4.0 - 2025-11-08

Features

• Add --fail-fast option to pre-commit run.
  • #3528 PR by @​JulianMaurin.
• Upgrade ruby-build / rbenv.
  • #3566 PR by @​asottile.
  • #3565 issue by @​MRigal.
• Add language: unsupported / language: unsupported_script as aliases for language: system / language: script (which will eventually be deprecated).
  • #3577 PR by @​asottile.
• Add support docker-in-docker detection for cgroups v2.
  • #3535 PR by @​br-rhrbacek.
  • #3360 issue by @​JasonAlt.

Fixes

• Handle when docker gives SecurityOptions: null.
  • #3537 PR by @​asottile.
  • #3514 issue by @​jenstroeger.
• Fix error context for invalid stages in .pre-commit-config.yaml.
  • #3576 PR by @​asottile.

4.3.0 - 2025-08-09

Features

• language: docker / language: docker_image: detect rootless docker.
  • #3446 PR by @​matthewhughes934.
  • #1243 issue by @​dkolepp.
• language: julia: avoid startup.jl when executing hooks.
  • #3496 PR by @​ericphanson.
• language: dart: support latest dart versions which require a higher sdk lower bound.
  • #3507 PR by @​bc-lee.

... (truncated)

Commits

• 8a0630c v4.5.1
• fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
• 51592ee fix python local template when artifact dirs are present
• 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
• c251e6b [pre-commit.ci] pre-commit autoupdate
• 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
• 4895355 [pre-commit.ci] pre-commit autoupdate
• 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
• 465192d [pre-commit.ci] pre-commit autoupdate
• fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
• Additional commits viewable in compare view

Updates ty to 0.0.31

Release notes

Sourced from ty's releases.

0.0.31

Release Notes

Released on 2026-04-15.

Bug fixes

• Avoid panic from double inference for namedtuple(typename=T, field_names=x, **{}) (#24641)
• Avoid panic from double inference with missing functional Enum(...) names (#24638)
• Avoid panic from double inference with functional Enum(value=...) (#24639)
• Fix cases where invalid-key fix doesn't converge, and override-of-final-method produces invalid syntax (#24649)
• Fix unnecessary ty:ignore comments inserted by --add-ignore for diagnostics starting on the same line (#24651)

CLI

• Add --fix mode to enable auto-fix for diagnostics (#24097)

Performance

• Avoid excessive memory usage for dataclasses with many fields (#24620)

Core type checking

• Check inherited NamedTuple field conflicts (#24542)
• Error when duplicate keywords are provided to TypedDict constructors (#24449)
• Respect mixed positional and keyword arguments in TypedDict constructor (#24448)
• Respect subclass shadowing for inherited NamedTuple fields (#24640)
• Skip EnumMeta.__call__ for enum constructor signatures (#24513)

Contributors

• @​sharkdp
• @​Glyphack
• @​MichaReiser
• @​charliermarsh

Install ty 0.0.31

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.31/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.31/ty-installer.ps1 | iex"

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.31

Released on 2026-04-15.

Bug fixes

• Avoid panic from double inference for namedtuple(typename=T, field_names=x, **{}) (#24641)
• Avoid panic from double inference with missing functional Enum(...) names (#24638)
• Avoid panic from double inference with functional Enum(value=...) (#24639)
• Fix cases where invalid-key fix doesn't converge, and override-of-final-method produces invalid syntax (#24649)
• Fix unnecessary ty:ignore comments inserted by --add-ignore for diagnostics starting on the same line (#24651)

CLI

• Add --fix mode to enable auto-fix for diagnostics (#24097)

Performance

• Avoid excessive memory usage for dataclasses with many fields (#24620)

Core type checking

• Check inherited NamedTuple field conflicts (#24542)
• Error when duplicate keywords are provided to TypedDict constructors (#24449)
• Respect mixed positional and keyword arguments in TypedDict constructor (#24448)
• Respect subclass shadowing for inherited NamedTuple fields (#24640)
• Skip EnumMeta.__call__ for enum constructor signatures (#24513)

Contributors

• @​sharkdp
• @​Glyphack
• @​MichaReiser
• @​charliermarsh

0.0.30

Released on 2026-04-13.

As of v0.0.30, ty no longer unions Unknown into most inferred types of unannotated attributes. For example:

class Foo:
    def __init__(self) -> None:
        self.value = 1
reveal_type(Foo().value)  # revealed: int
Foo().value = "x"  # error: [invalid-assignment]

... (truncated)

Commits

• daaa404 Bump version to 0.0.31 (#3280)
• 12e86b5 Bump version to 0.0.30 (#3270)
• 67077ad Reorder sections in FAQ (#3267)
• 01144db Update docker/login-action action to v4.1.0 (#3262)
• 48b3fe3 Update prek dependencies (#3261)
• 7c81338 Create a "deployment" for the release-gate job (#3239)
• a447e03 Add a "release-gate" step to the release workflow (#3205)
• 5131a0e Update prek dependencies (#3221)
• 438a78d Bump version to 0.0.29 (#3218)
• 927aad2 Bump version to 0.0.28 (#3206)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[ambient-code]

Dependabot PR Review Summary

Overview

This PR bumps 11 Python dev dependencies in python/pyproject.toml. Several of these are major version bumps that introduce breaking changes.

CI Failures Analysis

1. type-check-python — FAILING (26 diagnostics)
The bump of ty from >=0.0.1a8 to >=0.0.31 introduces significantly stricter type checking. The new version finds 26 invalid-argument-type errors, primarily around inspect.unwrap() calls receiving Optional[Callable] instead of Callable. These are real type-safety issues that need code fixes (e.g., adding assert guards or type narrowing before the calls).

2. pytest-matrix — FAILING (ModuleNotFoundError: No module named 'certifi')
Tests on multiple Python versions fail with a missing certifi dependency during import of jumpstarter_cli_common/oidc.py. This appears to be a dependency resolution change caused by one of the bumped packages no longer pulling in certifi transitively.

3. pytest gate — FAILING (expected, depends on pytest-matrix)

Notable Breaking Changes in Bumped Packages

• Sphinx <8.1.0 → <9.2.0: Sphinx 9.1.0 drops Python 3.11 support. If docs are built in CI on Python 3.11, this will fail.
• esbonio >=0.16.x → >=2.0.0: Major version bump, likely has API changes.
• pre-commit >=3.x → >=4.5.1: Major version bump.
• ty >=0.0.1a8 → >=0.0.31: Much stricter type checking (root cause of type-check failures).

No go.mod Impact

This PR only modifies python/pyproject.toml — no Go subproject updates needed.

Recommendation

This PR is not ready to merge as-is. The ty type errors and certifi missing module need to be resolved first. Consider:

1. Fixing the 26 type errors flagged by ty v0.0.31 (note: there's already a branch fix/ty-type-check-errors in the repo that may address some of these).
2. Investigating the certifi dependency resolution issue.
3. Verifying Sphinx 9 compatibility with your Python 3.11 test matrix (Sphinx 9 drops 3.11 support).

[mangelajo]

@ambient-code please fix the CI issues

[ambient-code]

Dependency bump review summary

This PR bumps 11 Python dependencies. CI was failing with 3 categories of issues. I've pushed a fix commit addressing all of them:

1. pytest failures — Missing requests dependency

The jumpstarter-cli-common package uses authlib.integrations.requests_client.OAuth2Session which requires requests, but requests was not declared as a dependency. It worked before because uv.lock resolved it transitively from other workspace members. The dependabot change to pyproject.toml (adding certifi) caused uv.lock to go out of sync, triggering a fresh resolution that excluded requests.

Fix: Added requests>=2.28.0 to jumpstarter-cli-common/pyproject.toml dependencies and regenerated uv.lock.

2. type-check-python failures — ty 0.0.31 stricter checks (17 diagnostics)

The bump from ty>=0.0.1a8 to ty>=0.0.31 introduced stricter type checking:

• 11x unresolved-attribute: ty doesn't recognize __wrapped__ (set by functools.wraps) on Callable types when accessing callback.__wrapped__.__wrapped__ in tests
• 3x invalid-assignment: lease_async mock functions lack self parameter vs the class method signature
• 2x unused-ignore-comment: Old # ty: ignore[unresolved-reference] comments for nonlocal augmented assignment are no longer needed

Fix: Added appropriate # ty: ignore[unresolved-attribute] and # ty: ignore[invalid-assignment] suppression comments, removed the 2 unused ignore directives.

3. check-warnings failures — Sphinx 9.x breaks README cross-references

The bump from sphinx<8.1.0 to sphinx<9.2.0 caused 42 [myst.xref_missing] warnings for symlinked/referenced README files across driver packages. Sphinx 9.x changed how it resolves cross-references to source documents.

Fix: Pinned Sphinx back to <9.0.0. A proper Sphinx 9.x migration would require restructuring how README files are referenced in the docs, which is out of scope for this dependency bump PR.

Not applicable

• ✅ No go.mod changes — Python-only PR
• ✅ No k8s version changes