build(deps): bump the updates group across 1 directory with 5 updates

[dependabot]

Updates the requirements on click, python-dotenv, globus-sdk, sphinx and gunicorn to permit the latest version.
Updates click to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

• Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Version 8.3.0

Released 2025-09-17

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610 :issue:3024 :pr:3030

• Allow default to be set on Argument for nargs = -1. :issue:2164 :pr:3030

• Show correct auto complete value for nargs option in combination with flag option :issue:2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. :issue:2995 :pr:3013

• Lazily import shutil. :pr:3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). :issue:2447 :pr:3058

• Fix regression related to EOF handling in CliRunner. :issue:2939 :pr:2940

Version 8.2.2

Released 2025-07-31

• Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables.

... (truncated)

Commits

• 1d038f2 release version 8.3.1
• 03f3889 Fix Ruff UP038 warning (#3141)
• 3867781 Fix Ruff UP038 warning
• b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
• 437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
• ea70da4 Don't test using a file in docs/ (#3102)
• e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
• a92c573 Fix test_edit to work with BSD sed (#3129)
• bd131e1 Fix test_edit to work with BSD sed
• 0b5c6b7 Add Best practices section (#3127)
• Additional commits viewable in compare view

Updates python-dotenv to 1.2.1

Release notes

Sourced from python-dotenv's releases.

v1.2.1

What's Changed

• Support reading .env from FIFOs (Unix) by @​sidharth-sudhir in theskumar/python-dotenv#586
• Update CI to use trusted publishing on PyPI

New Contributors

• @​sidharth-sudhir made their first contribution in theskumar/python-dotenv#586

Full Changelog: theskumar/python-dotenv@v1.2.0...v1.2.1

Changelog

Sourced from python-dotenv's changelog.

[1.2.1] - 2025-10-26

• Move more config to pyproject.toml, removed setup.cfg
• Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

• Upgrade build system to use PEP 517 & PEP 518 to use build and pyproject.toml by [@​EpicWink] in #583
• Add support for Python 3.14 by [@​23f3001135] in #579
• Add support for disabling of load_dotenv() using PYTHON_DOTENV_DISABLED env var. by [@​matthewfranglen] in #569

[1.1.1] - 2025-06-24

Fixed

• CLI: Ensure find_dotenv work reliably on python 3.13 by [@​theskumar] in #563
• CLI: revert the use of execvpe on Windows by [@​wrongontheinternet] in #566

[1.1.0] - 2025-03-25

Feature

• Add support for python 3.13
• Enhance dotenv run, switch to execvpe for better resource management and signal handling (#523) by [@​eekstunt]

Fixed

• find_dotenv and load_dotenv now correctly looks up at the current directory when running in debugger or pdb (#553 by [@​randomseed42])

Misc

• Drop support for Python 3.8

[1.0.1] - 2024-01-23

Fixed

• Gracefully handle code which has been imported from a zipfile (#456 by [@​samwyma])
• Allow modules using load_dotenv to be reloaded when launched in a separate thread (#497 by [@​freddyaboulton])
• Fix file not closed after deletion, handle error in the rewrite function (#469 by [@​Qwerty-133])

Misc

• Use pathlib.Path in tests (#466 by [@​eumiro])
• Fix year in release date in changelog.md (#454 by [@​jankislinger])
• Use https in README links (#474 by [@​Nicals])

[1.0.0] - 2023-02-24

Fixed

... (truncated)

Commits

• eaf2a91 Do not remove .coverage file
• 8716196 Bump version: 1.2.0 → 1.2.1
• b87807f Update changelog
• 3af77d3 Support reading .env from FIFOs (Unix) (#586)
• 467ee22 Fix test failures after moving config to pyproject.toml
• 76999e7 Move more config pyproject.toml
• 222ce2c Update to use trusted publisher on pypi
• 8ed4f79 Update docs requirements
• 5bf8822 Bump version: 1.1.1 → 1.2.0
• 1fe11cc upadate changelog
• Additional commits viewable in compare view

Updates globus-sdk to 4.3.1

Release notes

Sourced from globus-sdk's releases.

v4.3.1

Fixed

• The type of scope_requirements in the init signature for ClientApp has been expanded to typing.Mapping to match other locations where a scope_requirements mapping is accepted. (#1360)

Development

• Update the Streams-related type annotations to accept UUIDs. (#1353)

Changelog

Sourced from globus-sdk's changelog.

v4.3.1 (2026-01-14)

Fixed

• The type of scope_requirements in the init signature for ClientApp has been expanded to typing.Mapping to match other locations where a scope_requirements mapping is accepted. (:pr:1360)

Development

• Update the Streams-related type annotations to accept UUIDs. (:pr:1353)

.. _changelog-4.3.0:

v4.3.0 (2025-12-17)

Added

• Added support to the TransferClient for the Streams API (:pr:1351)

  • CreateTunnelData is a payload builder for tunnel creation documents
  • TransferClient.create_tunnel() supports tunnel creation
  • TransferClient.update_tunnel() supports updates to a tunnel
  • TransferClient.get_tunnel() fetches a tunnel by ID
  • TransferClient.delete_tunnel() deletes a tunnel
  • TransferClient.list_tunnels() fetches all of the current user's tunnels
  • TransferClient.get_stream_access_point() fetches a Stream Access Point by ID

.. _changelog-4.2.0:

v4.2.0 (2025-12-03)

Python Support

• Add support for Python 3.14. (:pr:1340)

• Remove support for Python 3.8. (:pr:1341)

Added

• GlobusApp and SDK client classes now support usage as context managers, and feature a new close() method to close internal resources.

... (truncated)

Commits

• fb6e7ca Release v4.3.1 (#1364)
• ae4fa34 Bump version and changelog for release
• ed9a189 Document that GlobusApp always requests openid (#1362)
• ee27c96 (actions) update PR references
• 29e67c7 Fix incorrect type in ClientApp init signature (#1360)
• c76cf83 Remove an incorrect documented default (#1361)
• 1befb1b Document that GlobusApp always requests openid
• c1a498c Remove an incorrect documented default
• 91837ea Fix incorrect type in ClientApp init signature
• c8f27b8 [pre-commit.ci] pre-commit autoupdate (#1357)
• Additional commits viewable in compare view

Updates sphinx to 9.1.0

Release notes

Sourced from sphinx's releases.

Sphinx 9.1.0

Changelog: https://www.sphinx-doc.org/en/master/changes.html

Dependencies

• #14153: Drop Python 3.11 support.
• #12555: Drop Docutils 0.20 support. Patch by Adam Turner

Features added

• Add add_static_dir() for copying static assets from extensions to the build output. Patch by Jared Dillard

Bugs fixed

• #14189: autodoc: Fix duplicate :no-index-entry: for modules. Patch by Adam Turner
• #13713: Fix compatibility with MyST-Parser. Patch by Adam Turner
• Fix tests for Python 3.15. Patch by Adam Turner
• #14089: autodoc: Fix default option parsing. Patch by Adam Turner
• Remove incorrect static typing assertions. Patch by Adam Turner
• #14050: LaTeXTranslator fails to build documents using the "acronym" standard role. Patch by Günter Milde
• LaTeX: Fix rendering for grid filled merged vertical cell. Patch by Tim Nordell
• #14228: LaTeX: Fix overrun footer for cases of merged vertical table cells. Patch by Tim Nordell
• #14207: Fix creating HTMLThemeFactory objects in third-party extensions. Patch by Adam Turner
• #3099: LaTeX: PDF build crashes if a code-block contains more than circa 1350 codelines (about 27 a4-sized pages at default pointsize). Patch by Jean-François B.
• #14064: LaTeX: TABs ending up in sphinxVerbatim fail to obey tab stops. Patch by Jean-François B.
• #14089: autodoc: Improve support for non-weakreferencable objects. Patch by Adam Turner
• LaTeX: Fix accidental removal at 3.5.0 (#8854) of the documentation of literalblockcappos key of sphinxsetup. Patch by Jean-François B.

Changelog

Sourced from sphinx's changelog.

Release 9.1.0 (released Dec 31, 2025)

Dependencies

• #14153: Drop Python 3.11 support.
• #12555: Drop Docutils 0.20 support. Patch by Adam Turner

Features added

• Add :meth:~sphinx.application.Sphinx.add_static_dir for copying static assets from extensions to the build output. Patch by Jared Dillard

Bugs fixed

• #14189: autodoc: Fix duplicate :no-index-entry: for modules. Patch by Adam Turner
• #13713: Fix compatibility with MyST-Parser. Patch by Adam Turner
• Fix tests for Python 3.15. Patch by Adam Turner
• #14089: autodoc: Fix default option parsing. Patch by Adam Turner
• Remove incorrect static typing assertions. Patch by Adam Turner
• #14050: LaTeXTranslator fails to build documents using the "acronym" standard role. Patch by Günter Milde
• LaTeX: Fix rendering for grid filled merged vertical cell. Patch by Tim Nordell
• #14228: LaTeX: Fix overrun footer for cases of merged vertical table cells. Patch by Tim Nordell
• #14207: Fix creating HTMLThemeFactory objects in third-party extensions. Patch by Adam Turner
• #3099: LaTeX: PDF build crashes if a code-block contains more than circa 1350 codelines (about 27 a4-sized pages at default pointsize). Patch by Jean-François B.
• #14064: LaTeX: TABs ending up in sphinxVerbatim fail to obey tab stops. Patch by Jean-François B.
• #14089: autodoc: Improve support for non-weakreferencable objects. Patch by Adam Turner
• LaTeX: Fix accidental removal at 3.5.0 (#8854) of the documentation of literalblockcappos key of :ref:'sphinxsetup' <latexsphinxsetup>. Patch by Jean-François B.

Commits

• cc7c6f4 Bump to 9.1.0 final
• b127b94 Add app.add_static_dir() for copying extension static files (#14219)
• 20f1c46 LaTeX: Inhibit breaks for rows with merged vertical cells (#14227)
• 3c85411 Polish CHANGES.rst (#14225)
• 9ee5446 LaTeX: restore 1.7 documentation of literalblockcappos (#14224)
• d75d602 LaTeX: improve (again...) some code comments in time for 9.1.0 (#14222)
• 8dca61d Improve some LaTeX code comments (#14220)
• 8ab9600 Bump to 9.1.0 candidate 2
• d59b237 autodoc: Improve support for non-weakreferencable objects
• 964424b Use the correct reference for using existing extensions (#14157)
• Additional commits viewable in compare view

Updates gunicorn to 24.1.1

Release notes

Sourced from gunicorn's releases.

24.1.1

Bug Fixes

• Fix forwarded_allow_ips and proxy_allow_ips to remain as strings for backward compatibility with external tools like uvicorn. Network validation now uses strict mode to detect invalid CIDR notation (e.g., 192.168.1.1/24 where host bits are set) (#3458, [PR #3459](benoitc/gunicorn#3459))

---

Full Changelog: benoitc/gunicorn@24.1.0...24.1.1

Commits

• 375e79e release: bump version to 24.1.1
• ad0c12d docs: add sponsors section to README
• 70200ee chore: add GitHub Sponsors funding configuration
• 6841804 docs: remove incorrect PR reference from Docker changelog entry
• abce0ca docs: add 24.1.1 changelog entry for forwarded_allow_ips fix
• e9a3f30 fix: keep forwarded_allow_ips as strings for backward compatibility (#3459)
• d73ff4b docs: update main changelog with 24.1.0
• 53f2c31 ci: allow docs deploy on workflow_dispatch
• eab5f0b ci: trigger Docker publish on tags with or without v prefix
• a20d3fb docs: add Docker image to 24.1.0 changelog
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions