Bump the production-dependencies group with 26 updates

[dependabot]

Bumps the production-dependencies group with 26 updates:

Package	From	To
babel	2.17.0	2.18.0
backrefs	5.8	6.2
certifi	2025.1.31	2026.2.25
charset-normalizer	3.4.1	3.4.4
idna	3.10	3.11
markdown	3.8.1	3.10.2
markupsafe	3.0.2	3.0.3
mkdocs-material	9.7.3	9.7.4
mypy-extensions	1.0.0	1.1.0
pathspec	0.12.1	1.0.4
pygments	2.19.1	2.19.2
pymdown-extensions	10.16.1	10.21
pyyaml-env-tag	0.1	1.1
requests	2.32.4	2.32.5
termcolor	2.5.0	3.3.0
typing-extensions	4.12.2	4.15.0
build	1.2.2.post1	1.4.0
cfgv	3.4.0	3.5.0
distlib	0.3.9	0.4.0
filelock	3.20.3	3.25.0
identify	2.6.8	2.6.17
nodeenv	1.9.1	1.10.0
virtualenv	20.36.1	21.1.0
wheel	0.46.2	0.46.3
pip	26.0	26.0.1
setuptools	78.1.1	82.0.0

Updates babel from 2.17.0 to 2.18.0

Release notes

Sourced from babel's releases.

v2.18.0

Happy 2026! Like last year's release (ahem...), this one too is being made from FOSDEM 2026, in Brussels, Belgium. 🇧🇪 We'll aspire for a less glacial release cycle for 2.19. 😁

Please see CHANGELOG.rst for the detailed change log.

Full Changelog: python-babel/babel@v2.17.0...v2.18.0

Changelog

Sourced from babel's changelog.

Version 2.18.0

Happy 2026! This release is, coincidentally, also being made from FOSDEM.

We will aspire for a slightly less glacial release cadence in this year; there are interesting features in the pipeline.

Features

* Core: Add `babel.core.get_cldr_version()` by @akx in :gh:`1242`
* Core: Use CLDR 47 by @tomasr8 in :gh:`1210`
* Core: Use canonical IANA zone names in zone_territories by @akx in :gh:`1220`
* Messages: Improve extract performance via ignoring directories early during os.walk by @akx in :gh:`968`
* Messages: Merge in per-format keywords and auto_comments by @akx in :gh:`1243`
* Messages: Update keywords for extraction of dpgettext and dnpgettext by @mardiros in :gh:`1235`
* Messages: Validate all plurals in Python format checker by @tomasr8 in :gh:`1188`
* Time: Use standard library `timezone` instead of `FixedOffsetTimezone` by @akx in :gh:`1203`
Bugfixes

• Core: Fix formatting for "Empty locale identifier" exception added in #1164 by @​akx in :gh:1184
• Core: Improve handling of no-inheritance-marker in timezone data by @​akx in :gh:1194
• Core: Make the number pattern regular expression more efficient by @​akx in :gh:1213
• Messages: Keep translator comments next to the translation function call by @​akx in :gh:1196
• Numbers: Fix KeyError that occurred when formatting compact currencies of exactly one thousand in several locales by @​bartbroere in :gh:1246

Other improvements

* Core: Avoid unnecessary uses of `map()` by @akx in :gh:`1180`
* Messages: Have init-catalog create directories too by @akx in :gh:`1244`
* Messages: Optimizations for read_po by @akx in :gh:`1200`
* Messages: Use pathlib.Path() in catalog frontend; improve test coverage by @akx in :gh:`1204`
Infrastructure and documentation

• CI: Renovate CI & lint tools by @​akx in :gh:1228
• CI: Tighten up CI with Zizmor by @​akx in :gh:1230
• CI: make job permissions explicit by @​akx in :gh:1227
• Docs: Add SECURITY.md by @​akx in :gh:1229
• Docs: Remove u string prefix from docs by @​verhovsky in :gh:1174
• Docs: Update dates.rst with current unicode.org tr35 link by @​clach04 in :gh:1189
• General: Add some PyPI classifiers by @​tomasr8 in :gh:1186
• General: Apply reformatting by hand and with Ruff by @​akx in :gh:1202
• General: Test on and declare support for Python 3.14 by @​akx in :gh:1233

... (truncated)

Commits

• 56c63ca Prepare for 2.18.0 (#1248)
• 73015a1 Add user-agent to CLDR downloader (#1247)
• 29bd362 Fix formatting compact currencies of exactly one thousand in several locales ...
• 851db43 Reuse InitCatalog's guts in UpdateCatalog (#1244)
• fd00e60 Extract: Merge in per-format keywords and auto_comments (#1243)
• 12a14b6 Add dpgettext and dnpgettext support (#1235)
• 7110e62 Use canonical IANA zone names in zone_territories (#1220)
• e91c346 Improve extract performance via ignoring directories early during os.walk (#968)
• 0c4f378 Convert Unittest testcases with setup/teardown to fixtures (#1240)
• 218c96e Add babel.core.get_cldr_version() (#1242)
• Additional commits viewable in compare view

Updates backrefs from 5.8 to 6.2

Release notes

Sourced from backrefs's releases.

6.2

• NEW Add alias prefixmatch for match in both bre and bregex.

6.1

• NEW: Include Unicode 17 zip for early Python 3.15 usage, though Python 3.15 functionality is not guaranteed.
• FIX: Fix issues with regex imports in later versions.

6.0.1

• FIX: Fix a regression that created an ASCII binary property that would override the ASCII block property.

6.0

• NEW: POSIX character classes will now always use POSIX compatibility rules instead of Unicode standard rules, if any are specified in the Unicode specification. The affected character classes are: [[:alnum:]], [[:digit:]], [[:xdigit:]], and [[:punct:]]. To explicitly use standard Unicode rules for these compatibility properties, use the Unicode property form instead: [\p{Alnum}], [\p{Digit}], [\p{Punct}], or [\p{XDigit}]. This has changed to ensure no confusion for users expecting compatible POSIX style character class properties.
• FIX: Scoped ASCII/Unicode flags ((?a:pattern)/(?u:pattern)) should be respected for Unicode properties in bre and will ensure ASCII or Unicode range if used.
• FIX: Fix issues related to detecting disabled scoped flags.

5.9

• NEW: Add support for Python 3.14.
• ENHANCE: Switch to deploying with PyPI's "Trusted Publisher".

Commits

• 6f9d90d Add alias prefixmatch for match (#195)
• 220132e Update to a more common syntax for admonitions
• 56c24eb Update doc theme and copyright
• da5453e Remove build badge
• 30c2812 Update docs to use zensical (#194)
• e66f6c4 Fix import of regex stuff
• 1206228 Include Unicode 17 zip for Python 3.15 early access
• 23738f0 Fix codec warning is Unicode download script
• 63f8a4b Fix grammar
• 7f4bf61 Rework POSIX alias
• Additional commits viewable in compare view

Updates certifi from 2025.1.31 to 2026.2.25

Commits

• 8571a4b 2026.02.25 (#395)
• 6f7de00 Bump peter-evans/create-pull-request from 8.0.0 to 8.1.0 (#390)
• a1de59b Bump actions/checkout from 6.0.1 to 6.0.2 (#391)
• 7f5ade5 Bump actions/setup-python from 6.1.0 to 6.2.0 (#392)
• c64d9f3 2026.01.04 (#389)
• 4ac232f Bump actions/download-artifact from 6.0.0 to 7.0.0 (#387)
• 95ae4b2 Update CI workflow to use Ubuntu 24.04 and Python 3.14 stable (#386)
• b72a7b1 Bump dessant/lock-threads from 5.0.1 to 6.0.0 (#385)
• ecc2672 Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#384)
• 6a897db Bump peter-evans/create-pull-request from 7.0.11 to 8.0.0 (#383)
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.1 to 3.4.4

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.4

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

Version 3.4.3

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

Version 3.4.2

3.4.2 (2025-05-02)

Fixed

• Addressed the DeprecationWarning in our CLI regarding argparse.FileType by backporting the target class into the package. (#591)
• Improved the overall reliability of the detector with CJK Ideographs. (#605) (#587)

Changed

• Optional mypyc compilation upgraded to version 1.15 for Python >= 3.9

Changelog

Sourced from charset-normalizer's changelog.

3.4.4 (2025-10-13)

Changed

• Bound setuptools to a specific constraint setuptools>=68,<=81.
• Raised upper bound of mypyc for the optional pre-built extension to v1.18.2

Removed

• setuptools-scm as a build dependency.

Misc

• Enforced hashes in dev-requirements.txt and created ci-requirements.txt for security purposes.
• Additional pre-built wheels for riscv64, s390x, and armv7l architectures.
• Restore multiple.intoto.jsonl in GitHub releases in addition to individual attestation file per wheel.

3.4.3 (2025-08-09)

Changed

• mypy(c) is no longer a required dependency at build time if CHARSET_NORMALIZER_USE_MYPYC isn't set to 1. (#595) (#583)
• automatically lower confidence on small bytes samples that are not Unicode in detect output legacy function. (#391)

Added

• Custom build backend to overcome inability to mark mypy as an optional dependency in the build phase.
• Support for Python 3.14

Fixed

• sdist archive contained useless directories.
• automatically fallback on valid UTF-16 or UTF-32 even if the md says it's noisy. (#633)

Misc

• SBOM are automatically published to the relevant GitHub release to comply with regulatory changes. Each published wheel comes with its SBOM. We choose CycloneDX as the format.
• Prebuilt optimized wheel are no longer distributed by default for CPython 3.7 due to a change in cibuildwheel.

3.4.2 (2025-05-02)

Fixed

• Addressed the DeprecationWarning in our CLI regarding argparse.FileType by backporting the target class into the package. (#591)
• Improved the overall reliability of the detector with CJK Ideographs. (#605) (#587)

Changed

• Optional mypyc compilation upgraded to version 1.15 for Python >= 3.8

Commits

• b30ffdc 🔧 fix checksum step in cd.yml
• d3fbfcf 🔧 fix cd.yml
• dafbb95 Release 3.4.4 (#658)
• 1f18ffa ⬆️ raise mypy upper bound to 1.18.2
• ef4ac69 Merge branch 'release-3.4.4' of github.com:jawah/charset_normalizer into rele...
• 4b35dda 📝 write changelog for 3.4.4
• 0ec6452 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• f341ede ⬆️ upgrade dependencies (dev, ci)
• a308841 📝 write changelog for 3.4.4
• 9c906da 🔧 update cd.yml workflow (add riscv64, s390x and armv7l)
• Additional commits viewable in compare view

Updates idna from 3.10 to 3.11

Changelog

Sourced from idna's changelog.

3.11 (2025-10-12)

• Update to Unicode 16.0.0, including significant changes to UTS46 processing. As a result of Unicode ending support for it, transitional processing no longer has an effect and returns the same result.
• Add support for Python 3.14, lowest supported version is Python 3.8.
• Various updates to packaging, including PEP 740 support.

Commits

• ad949ee Release v3.11
• cae4ba7 Second release candidate for 3.11
• 8adb305 Add space in RST link
• 74cb2b6 Release candidate for 3.11
• 05dab09 Format idna-data with ruff
• 90eac78 Apply ruff formatting
• a31ce7e Remove errant test vectors
• 81f0333 Omit vectors known to be broken in test suite
• a0f3257 Merge branch 'master' into unicode-16-uts46-changes
• 38d9886 Remove extra UTS46 test vector
• Additional commits viewable in compare view

Updates markdown from 3.8.1 to 3.10.2

Release notes

Sourced from markdown's releases.

Release 3.10.2

Fixed

• Fix a regression related to comment handling (#1590).
• More reliable fix for </ (#1593).

Release 3.10.1

Fixed

• Ensure nested elements inside inline comments are properly unescaped (#1571).
• Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
• Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).
• Fix another infinite loop when handling bad comments (#1586).

Release 3.10.0

Changed

• Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

• Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
• Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

Release 3.9.0

Changed

• Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

• Ensure inline processing iterates through elements in document order (#1546).
• Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

Release 3.8.2

Fixed

• Fix codecs deprecation in Python 3.14.
• Fix issue with unclosed comment parsing in Python 3.14.
• Fix issue with unclosed declarations in Python 3.14.
• Fix issue with unclosed HTML tag <foo and Python 3.14.

Changelog

Sourced from markdown's changelog.

[3.10.2] - 2026-02-09

Fixed

• Fix a regression related to comment handling (#1590).
• More reliable fix for </ (#1593).

[3.10.1] - 2026-01-21

Fixed

• Ensure nested elements inside inline comments are properly unescaped (#1571).
• Make the docs build successfully with mkdocstrings-python 2.0 (#1575).
• Fix infinite loop when multiple bogus or unclosed HTML comments appear in input (#1578).
• Fix another infinite loop when handling bad comments (#1586).

[3.10.0] - 2025-11-03

Changed

• Officially support Python 3.14 and PyPy 3.11 and drop support for Python 3.9 and PyPy 3.9.

Fixed

• Fix an HTML comment parsing case in some Python versions that can cause an infinite loop (#1554).
• Revert the default behavior of USE_DEFINITION_ORDER (to True). The new behavior introduced in 3.9.0 is experimental and results are inconsistent. It should not have been made the default behavior (#1561).

[3.9.0] - 2025-09-04

Changed

• Footnotes are now ordered by the occurrence of their references in the document. A new configuration option for the footnotes extension, USE_DEFINITION_ORDER, has been added to support restoring the previous behavior of ordering footnotes by the occurrence of definitions (#1367).

Fixed

• Ensure inline processing iterates through elements in document order (#1546).
• Fix handling of incomplete HTML tags in code spans in Python 3.14 (#1547).

[3.8.2] - 2025-06-19

Fixed

• Fix codecs deprecation in Python 3.14 (#1537).

... (truncated)

Commits

• e7a0efb Bump version to 3.10.2
• 6301833 Document HTML sanitation policy
• 7f29f1a More reliable fix for </
• c438647 Fix regression of special comments
• e5fa5b8 Bump version to 3.10.1
• f925349 More HTML fixes
• 9933a0a Revert "Allow reference links with backticks"
• 07dfa4e Allow reference links with backticks
• fb6b27a Fix infinite loop when text contains multiple unclosed comments
• 89112c2 Make the docs build successfully with mkdocstrings-python 2.0
• Additional commits viewable in compare view

Updates markupsafe from 3.0.2 to 3.0.3

Release notes

Sourced from markupsafe's releases.

3.0.3

This is the MarkupSafe 3.0.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/MarkupSafe/3.0.3/ Changes: https://markupsafe.palletsprojects.com/page/changes/#version-3-0-3 Milestone: https://github.com/pallets/markupsafe/milestone/15?closed=1

• __version__ raises DeprecationWarning instead of UserWarning. #487
• Adopt multi-phase initialization PEP 489 for the C extension. #494
• Build Windows ARM64 wheels. #485
• Build Python 3.14 wheels. #503
• Build riscv64 wheels. #505

Changelog

Sourced from markupsafe's changelog.

Version 3.0.3

Released 2025-09-27

• __version__ raises DeprecationWarning instead of UserWarning. :issue:487
• Adopt multi-phase initialisation (:pep:489) for the C extension. :issue:494
• Build Windows ARM64 wheels. :issue:485
• Build Python 3.14 wheels. :issue:503
• Build riscv64 wheels. :issue:505

Commits

• 297fc8e release version 3.0.3
• 7e4e6ce Free-threading: run with pytest-run-paralell (#507)
• 6100b9c enable riscv64 wheels (#506)
• c9d5ecf enable riscv64 wheels
• 2f9b337 tox for 3.14
• 78d951a update dev dependencies
• bb6744e add entry
• 65c4134 upgrade cibuildwheel, add cp314 wheels and test on CPython 3.14 (#504)
• 3a9bd88 add cp314 wheels
• aafe44d remove slsa provenance (#501)
• Additional commits viewable in compare view

Updates mkdocs-material from 9.7.3 to 9.7.4

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.7.4

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

• Hardened social cards plugin by switching to sandboxed environment (recommended by @​caveeroo)
• Updated MkDocs 2.0 incompatibility warning

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.7.5 (2026-03-10)

• Limited version range of mkdocs to <2
• Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4 (2026-03-03)

• Hardened social cards plugin by switching to sandboxed environment
• Updated MkDocs 2.0 incompatibility warning

mkdocs-material-9.7.3 (2026-02-24)

• Fixed #8567: Print MkDocs 2.0 incompatibility warning to stderr

mkdocs-material-9.7.2 (2026-02-18)

• Opened up version ranges of optional dependencies for forward-compatibility
• Added warning to 'mkdocs build' about impending MkDocs 2.0 incompatibility

mkdocs-material-9.7.1 (2025-12-18)

• Updated requests to 2.30+ to mitigate CVE in urllib
• Fixed privacy plugin not picking up protocol-relative URLs
• Fixed #8542: false positives and negatives captured in privacy plugin

mkdocs-material-9.7.0 (2025-11-11)

⚠️ Material for MkDocs is now in maintenance mode

This is the last release of Material for MkDocs that will receive new features. Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs for 12 months at least.

Read the full announcement on our blog: https://squidfunk.github.io/mkdocs-material/blog/2025/11/05/zensical/

This release includes all features that were previously exclusive to the Insiders edition. These features are now freely available to everyone.

Note on deprecated plugins: The projects and typeset plugins are included in this release, but must be considered deprecated. Both plugins proved unsustainable to maintain and represent architectural dead ends. They are provided as-is without ongoing support.

Changes:

• Added support for pinned blog posts and author profiles
• Added support for customizing pagination for blog index pages
• Added support for customizing blog category sort order

... (truncated)

Commits

• 9580c28 Prepare 9.7.4 release
• 4ae913c Updated MkDocs 2.0 warning message
• fdf40c0 Bump minimatch (#8570)
• b368bed Switched social card generator to sandboxed Jinja environment
• e2d0012 Updated blog post with note on environment variable
• fc7b41e Updated changelog
• See full diff in compare view

Updates mypy-extensions from 1.0.0 to 1.1.0

Commits

• 70d9435 remove dev from version
• 8d272bb Switch build-backend to flit_core + use License-Expression for project metada...
• 1b46102 Bump dev version to 1.1.0-dev (#57)
• 400534f Deprecate mypy_extensions.NoReturn (#56)
• 23fbfa5 Update flake8 to 7.1.1 (#54)
• 9ddbb08 Cleanup tests (#55)
• 6d9c7b7 Move metadata to pyproject + drop Python 3.7 (#53)
• 812066c [pre-commit.ci] pre-commit autoupdate (#49)
• 9dd6d98 Add support for Python 3.12 (#48)
• e0c6670 Deprecate mypy_extensions.TypedDict (#47)
• Additional commits viewable in compare view

Updates pathspec from 0.12.1 to 1.0.4

Release notes

Sourced from pathspec's releases.

v1.0.4

Release v1.0.4. See CHANGES.rst.

v1.0.3

Release v1.0.3. See CHANGES.rst.

v1.0.2

Release v1.0.2. See CHANGES.rst.

v1.0.1

Release v1.0.1. See CHANGES.rst.

v1.0.0

Release v1.0.0. See CHANGES.rst.

Changelog

Sourced from pathspec's changelog.

1.0.4 (2026-01-26)

• Issue [#103](https://github.com/cpburnz/python-pathspec/issues/103)_: Using re2 fails if pyre2 is also installed.

.. _Issue [#103](https://github.com/cpburnz/python-pathspec/issues/103): cpburnz/python-pathspec#103

1.0.3 (2026-01-09)

Bug fixes:

• Issue [#101](https://github.com/cpburnz/python-pathspec/issues/101)_: pyright strict errors with pathspec >= 1.0.0.
• Issue [#102](https://github.com/cpburnz/python-pathspec/issues/102)_: No module named 'tomllib'.

.. _Issue [#101](https://github.com/cpburnz/python-pathspec/issues/101): cpburnz/python-pathspec#101 .. _Issue [#102](https://github.com/cpburnz/python-pathspec/issues/102): cpburnz/python-pathspec#102

1.0.2 (2026-01-07)

Bug fixes:

• Type hint collections.abc.Callable does not properly replace typing.Callable until Python 3.9.2.

1.0.1 (2026-01-06)

Bug fixes:

• Issue [#100](https://github.com/cpburnz/python-pathspec/issues/100)_: ValueError(f"{patterns=!r} cannot be empty.") when using black.

.. _Issue [#100](https://github.com/cpburnz/python-pathspec/issues/100): cpburnz/python-pathspec#100

1.0.0 (2026-01-05)

Major changes:

• Issue [#91](https://github.com/cpburnz/python-pathspec/issues/91)_: Dropped support of EoL Python 3.8.
• Added concept of backends to allow for faster regular expression matching. The backend can be controlled using the backend argument to PathSpec(), PathSpec.from_lines(), GitIgnoreSpec(), and GitIgnoreSpec.from_lines().
• Renamed "gitwildmatch" pattern back to "gitignore". The "gitignore" pattern behaves slightly differently when used with PathSpec (gitignore as documented) than with GitIgnoreSpec (replicates Git's edge cases).

API changes:

... (truncated)

Commits

• 39f02a9 Release v1.0.4
• 529c0f8 Improve testpypi
• 01057ce Fix 103
• 593a859 Improve testpypi
• db3f54e Releasse v1.0.3
• 1b6bdda Releasse v1.0.3
• f9b556a Fix docs
• 9867f1a Fix tests
• 85cb3cc Fix docs
• 6628123 Fix 101 regression
• Additional commits viewable in compare view

Updates pygments from 2.19.1 to 2.19.2

Release notes

Sourced from pygments's releases.

2.19.2

• Lua: Fix regression introduced in 2.19.0 (#2882, #2839)

Changelog

Sourced from pygments's changelog.

Version 2.19.2

(released June 21st, 2025)

• Lua: Fix regression introduced in 2.19.0 (#2882, #2839)

Commits

• cfca62e Prepare v2.19.2 release.
• 6688300 Disable pyodide (currently broken.)
• 66997c3 Update ruff version.
• 94dda77 Update CHANGES.
• 26634c8 Merge pull request #2882 from thavelick/fix_lua_runaway_regex
• b6a51ec fix lua regex causing runaway backtracking.
• edef94d Investigation for #2839.
• fb6a00e Merge pull request #2837 from dlazin/sql-cleanup
• bf7aa23 Clean up sql.py
• See full diff in compare view

Updates pymdown-extensions from 10.16.1 to 10.21

Release notes

Sourced from pymdown-extensions's releases.

10.21

• NEW: Caption: Add support for specifying not only IDs but classes and arbitrary attributes. Initial work by @​joapuiib.
• FIX: MagicLink: Fix a matching pattern for Bitbucket repo.

10.20

• NEW: Quotes: New blockquotes extension added that uses a more modern approach when compared to Python Markdown's default. Quotes specifically will not group consecutive blockquotes together in the same lazy fashion that the default Python Markdown does which follows a more modern trend to how parsers these days handle block quotes.

  In addition, Quotes also provides an optional feature to enable specifying callouts/alerts in the style used by GitHub and Obsidian.

10.19.1

• FIX: Arithmatex: Fix issue where block $$ math used inline within a paragraph could result in nested math parsing.

10.19

• NEW: Emoji: Update Twemoji to use Unicode 16.
• NEW: Critic: Roll back view mode deprecation as some still like to use it, though further enhancements to this mode are not planned.

10.18

• NEW: Critic: view mode has been deprecated. To avoid warnings or future issues, explicitly set mode to either accept or reject. In the future, the new default will be accept and the view mode will be removed entirely.
• FIX: Block Admonition: important should have always been available as a default.

10.17.2

• FIX: Blocks: Blocks extensions will now better handle nesting of indented style Admonitions, Details, and Tabbed and other non-conflicting blocks.

10.17.1

• FIX: Fix an issue where Highlight can override another extension in the "registered" list in Python Markdown.

10.17

• NEW: Allow specifying static IDs in caption block headers via #id syntax.

Commits

• 6d92b68 Bump version
• baeca0e Docs: update JS deps
• bf2a237 Add classes and attributes to captions (#2844)
• 5c69e05 Fix bitbucket reference (#2835)
• fa4a066 Fix spelling
• a69f671 Update docs
• 1aa6f20 Ensure callouts always lowercases the first class (the alert type)
• 66f95d7 Docs: Update JS deps
• 44e4a12 Update readme
• e99fa9a Remove override for "back to top" button box shadow
• Additional commits viewable in compare view

Updates pyyaml-env-tag from 0.1 to 1.1

Commits

• 8f43568 Bump version to 1.1
• 84d2d1c Move tests to tests/ dir
• 18341d7 Bump version to 1.0
• b80b4a1 Add deploy workflow
• 19ccfed Get version dymanically from source
• 7922ed6 Cleanup readme
• 41e3ccf Add add_env_tag helper function
• 1087081 Update workflow
• 98fea14 Update pyproject.toml to use setuptools build.
• fdadeb7 Create GitHub workflow
• See full diff in compare view

Updates requests from 2.32.4 to 2.32.5

Release notes

Sourced from requests's releases.

v2.32.5

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Changelog

Sourced from requests's changelog.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.
• Dropped support for Python 3.8 following its end of support.

Commits

• b25c87d v2.32.5
• 131e506 Merge pull request #7010 from psf/dependabot/github_actions/actions/checkout-...
• b336cb2 Bump actions/checkout from 4.2.0 to 5.0.0
• 46e939b Update publish workflow to use artifact-id instead of name
• 4b9c546 Merge pull request #6999 from psf/dependabot/github_actions/step-security/har...
• 7618dbe Bump step-security/harden-runner from 2.12.0 to 2.13.0
• 2edca11 Add support for Python 3.14 and drop support for Python 3.8 (#6993)
• fec96cd Update Makefile rules (#6996)
• d58d8aa docs: clarify timeout parameter uses seconds in Session.request (#6994)
• 91a3eab Bump github/codeql-action from 3.28.5 to 3.29.0
• Additional commits viewable in compare view

Updates termcolor from 2.5.0 to 3.3.0

Release notes

Sourc...

Description has been truncated

[tomodwyer]

@dependabot rebase