Bump the "dependencies" group with 2 updates across multiple ecosystems

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the dependencies group with 1 update: actions/download-artifact.

Updates actions/download-artifact from 7 to 8

Release notes

Sourced from actions/download-artifact's releases.

v8.0.0

v8 - What's new

[!IMPORTANT] actions/download-artifact@v8 has been migrated to an ESM module. This should be transparent to the caller but forks might need to make significant changes.

[!IMPORTANT] Hash mismatches will now error by default. Users can override this behavior with a setting change (see below).

Direct downloads

To support direct uploads in actions/upload-artifact, the action will no longer attempt to unzip all downloaded files. Instead, the action checks the Content-Type header ahead of unzipping and skips non-zipped files. Callers wishing to download a zipped file as-is can also set the new skip-decompress parameter to true.

Enforced checks (breaking)

A previous release introduced digest checks on the download. If a download hash didn't match the expected hash from the server, the action would log a warning. Callers can now configure the behavior on mismatch with the digest-mismatch parameter. To be secure by default, we are now defaulting the behavior to error which will fail the workflow run.

ESM

To support new versions of the @actions/* packages, we've upgraded the package to ESM.

What's Changed

• Don't attempt to un-zip non-zipped downloads by @​danwkennedy in actions/download-artifact#460
• Add a setting to specify what to do on hash mismatch and default it to error by @​danwkennedy in actions/download-artifact#461

Full Changelog: actions/download-artifact@v7...v8.0.0

Commits

• 3e5f45b Add regression tests for CJK characters (#471)
• e6d03f6 Add a regression test for artifact name + content-type mismatches (#472)
• 70fc10c Merge pull request #461 from actions/danwkennedy/digest-mismatch-behavior
• f258da9 Add change docs
• ccc058e Fix linting issues
• bd7976b Add a setting to specify what to do on hash mismatch and default it to error
• ac21fcf Merge pull request #460 from actions/danwkennedy/download-no-unzip
• 15999bf Add note about package bumps
• 974686e Bump the version to v8 and add release notes
• fbe48b1 Update test names to make it clearer what they do
• Additional commits viewable in compare view

Updates the requirements on readme-renderer, sphinx and sphinx-autodoc-typehints to permit the latest version.
Updates readme-renderer to 44.0

Release notes

Sourced from readme-renderer's releases.

44.0

What's Changed

• Support newer docutils versions by @​kurtmckee in pypa/readme_renderer#315
• Resolve Node 16 deprecation warnings in CI by @​kurtmckee in pypa/readme_renderer#309
• Lint specific directories by @​kurtmckee in pypa/readme_renderer#312
• Build a wheel once, for all test environments by @​kurtmckee in pypa/readme_renderer#308
• Update .gitpod.yml to replace deprecated extension by @​shenxianpeng in pypa/readme_renderer#306
• Exclude .gitpod.yml by default with check-manifest by @​shenxianpeng in pypa/readme_renderer#307
• Lazy open output files, and always close them by @​kurtmckee in pypa/readme_renderer#314
• Release 44 by @​kurtmckee in pypa/readme_renderer#316

New Contributors

• @​kurtmckee made their first contribution in pypa/readme_renderer#315
• @​shenxianpeng made their first contribution in pypa/readme_renderer#306

Full Changelog: pypa/readme_renderer@43.0...44.0

Changelog

Sourced from readme-renderer's changelog.

44.0 (2024-07-08)

• Drop support for Python 3.8 (#315)
• Require docutils 0.21.2 and higher (#315)
• Remove HTML5 <s> tag from the list of allowed HTML tags (#315)
• Test all supported CPython and PyPy versions in CI (#315)
• Resolve Node 16 deprecation warnings in CI (#309)
• Lint specific directories (#312)
• Build a wheel once for all tox test environments (#308)
• Lazy open output files, and always close them (#314)
• Gitpod: Migrate to the Even Better TOML extension (#306)
• check-manifest: Remove a now-default .gitpod.yml exclusion (#307)

43.0 (2024-02-26)

• Allow HTML5 picture tag through cleaner (#299)
• Test against Python 3.12 (#300)

42.0 (2023-09-07)

• Migrate from bleach to nh3 (#295)
• Migrate from setup.py to pyproject.toml

41.0 (2023-08-18)

• Allow HTML5 figcaption tag through cleaner (#291)
• Test README.rst from this project (#288)

40.0 (2023-06-16)

• Add CLI option to render package README. (#271)
• Adapt tests to pygments 2.14.0 (#272)
• Update release process to use Trusted Publishing (#276)
• Replace usage of deprecated pkg_resources with importlib.metadata (#281)
• Drop support for Python 3.7 (#282), Test against Python 3.11 (#280)

37.3 (2022-10-31)

• Allow HTML5 figure tag through cleaner (#265)

37.2 (2022-09-24)

• Allow HTML5 s tag through cleaner (#261)

... (truncated)

Commits

• 1d0497c Release 44 (#316)
• 09620a6 Lazy open output files, and always close them (#314)
• 6061b3e Exclude .gitpod.yml by default with check-manifest (#307)
• 749204b Update .gitpod.yml to replace deprecated extension (#306)
• e84ded1 Build a wheel once, for all test environments (#308)
• b447d5d Lint specific directories (#312)
• 0817204 Resolve Node 16 deprecation warnings in CI (#309)
• fefd285 Support newer docutils versions (#315)
• See full diff in compare view

Updates sphinx to 9.1.0

Release notes

Sourced from sphinx's releases.

Sphinx 9.1.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Dependencies

• #14153: Drop Python 3.11 support.
• #12555: Drop Docutils 0.20 support. Patch by Adam Turner

Features added

• Add add_static_dir() for copying static assets from extensions to the build output. Patch by Jared Dillard

Bugs fixed

• #14189: autodoc: Fix duplicate :no-index-entry: for modules. Patch by Adam Turner
• #13713: Fix compatibility with MyST-Parser. Patch by Adam Turner
• Fix tests for Python 3.15. Patch by Adam Turner
• #14089: autodoc: Fix default option parsing. Patch by Adam Turner
• Remove incorrect static typing assertions. Patch by Adam Turner
• #14050: LaTeXTranslator fails to build documents using the "acronym" standard role. Patch by Günter Milde
• LaTeX: Fix rendering for grid filled merged vertical cell. Patch by Tim Nordell
• #14228: LaTeX: Fix overrun footer for cases of merged vertical table cells. Patch by Tim Nordell
• #14207: Fix creating HTMLThemeFactory objects in third-party extensions. Patch by Adam Turner
• #3099: LaTeX: PDF build crashes if a code-block contains more than circa 1350 codelines (about 27 a4-sized pages at default pointsize). Patch by Jean-François B.
• #14064: LaTeX: TABs ending up in sphinxVerbatim fail to obey tab stops. Patch by Jean-François B.
• #14089: autodoc: Improve support for non-weakreferencable objects. Patch by Adam Turner
• LaTeX: Fix accidental removal at 3.5.0 (#8854) of the documentation of literalblockcappos key of sphinxsetup. Patch by Jean-François B.

Changelog

Sourced from sphinx's changelog.

Release 9.1.0 (released Dec 31, 2025)

Dependencies

• #14153: Drop Python 3.11 support.
• #12555: Drop Docutils 0.20 support. Patch by Adam Turner

Features added

• Add :meth:~sphinx.application.Sphinx.add_static_dir for copying static assets from extensions to the build output. Patch by Jared Dillard

Bugs fixed

• #14189: autodoc: Fix duplicate :no-index-entry: for modules. Patch by Adam Turner
• #13713: Fix compatibility with MyST-Parser. Patch by Adam Turner
• Fix tests for Python 3.15. Patch by Adam Turner
• #14089: autodoc: Fix default option parsing. Patch by Adam Turner
• Remove incorrect static typing assertions. Patch by Adam Turner
• #14050: LaTeXTranslator fails to build documents using the "acronym" standard role. Patch by Günter Milde
• LaTeX: Fix rendering for grid filled merged vertical cell. Patch by Tim Nordell
• #14228: LaTeX: Fix overrun footer for cases of merged vertical table cells. Patch by Tim Nordell
• #14207: Fix creating HTMLThemeFactory objects in third-party extensions. Patch by Adam Turner
• #3099: LaTeX: PDF build crashes if a code-block contains more than circa 1350 codelines (about 27 a4-sized pages at default pointsize). Patch by Jean-François B.
• #14064: LaTeX: TABs ending up in sphinxVerbatim fail to obey tab stops. Patch by Jean-François B.
• #14089: autodoc: Improve support for non-weakreferencable objects. Patch by Adam Turner
• LaTeX: Fix accidental removal at 3.5.0 (#8854) of the documentation of literalblockcappos key of :ref:'sphinxsetup' <latexsphinxsetup>. Patch by Jean-François B.

Commits

• cc7c6f4 Bump to 9.1.0 final
• b127b94 Add app.add_static_dir() for copying extension static files (#14219)
• 20f1c46 LaTeX: Inhibit breaks for rows with merged vertical cells (#14227)
• 3c85411 Polish CHANGES.rst (#14225)
• 9ee5446 LaTeX: restore 1.7 documentation of literalblockcappos (#14224)
• d75d602 LaTeX: improve (again...) some code comments in time for 9.1.0 (#14222)
• 8dca61d Improve some LaTeX code comments (#14220)
• 8ab9600 Bump to 9.1.0 candidate 2
• d59b237 autodoc: Improve support for non-weakreferencable objects
• 964424b Use the correct reference for using existing extensions (#14157)
• Additional commits viewable in compare view

Updates sphinx-autodoc-typehints to 3.10.2

Release notes

Sourced from sphinx-autodoc-typehints's releases.

3.10.2

What's Changed

• 🐛 fix(ivar): tolerate malformed :ivar field entries by @​gaborbernat in tox-dev/sphinx-autodoc-typehints#684

Full Changelog: tox-dev/sphinx-autodoc-typehints@3.10.1...3.10.2

Commits

• 974fabb 🐛 fix(ivar): tolerate malformed :ivar field entries (#684)
• c1bbf4e [pre-commit.ci] pre-commit autoupdate (#682)
• 098cce3 🐛 fix(resolver): surface hints for @​no_type_check targets (#681)
• aa6020f 🐛 fix(intersphinx): skip union aliases in type mapping (#679)
• 226fbf7 ✨ feat(resolver): auto-inject :vartype: for annotated instance vars (#678)
• fc45e2c build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 (#676)
• 8c73614 [pre-commit.ci] pre-commit autoupdate (#675)
• 08d6b67 build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 (#674)
• 5df75de [pre-commit.ci] pre-commit autoupdate (#673)
• ac957ab 🔒 ci(workflows): add zizmor security auditing (#672)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions