build(deps): bump the production-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the production-dependencies group with 4 updates in the /docs directory: myst-parser, pyparsing, sphinx-rtd-theme and urllib3.

Updates myst-parser from 4.0.1 to 5.0.0

Release notes

Sourced from myst-parser's releases.

v5.0.0

MyST-Parser 5.0.0

Release Date: 2026-01-15

This release significantly bumps the supported versions of core dependencies:

‼️ Breaking Changes

This release updates the minimum supported versions:

• Python: >=3.11 (dropped Python 3.10, tests up to 3.14)
• Sphinx: >=8,<10 (dropped Sphinx 7, added Sphinx 9)
• Docutils: >=0.20,<0.23 (dropped docutils 0.19, added docutils 0.22)
• markdown-it-py: ~=4.0 (upgraded from v3)

⬆️ Dependency Upgrades

• ⬆️ Upgrade to markdown-it-py v4 by @​chrisjsewell in #1060
• ⬆️ Drop Python 3.10 and Sphinx 7 by @​chrisjsewell in #1059
• ⬆️ Drop docutils 0.19 by @​chrisjsewell in #1061
• ⬆️ Add support for Python 3.14 by @​chrisjsewell in #1075
• ⬆️ Support Sphinx v9 by @​chrisjsewell in #1076
• ⬆️ Allow docutils 0.22 by @​chrisjsewell in #1084

👌 Improvements

• 👌 Improve generation of meta nodes by @​AA-Turner in #1080

📚 Documentation

• 📚 Fix typo in tables.md by @​electricalgorithm in #1034
• 📚 Fix minor typo in cross-referencing.md by @​krassowski in #1036

🔧 Internal / Maintenance

• 🔧 Update pre-commit by @​chrisjsewell in #1058
• 🔧 Add AGENTS.md by @​chrisjsewell in #1083

Full Changelog: v4.0.1...v5.0.0

Changelog

Sourced from myst-parser's changelog.

5.0.0 - 2026-01-15

This release significantly bumps the supported versions of core dependencies:

‼️ Breaking Changes

This release updates the minimum supported versions:

• Python: >=3.11 (dropped Python 3.10, tests up to 3.14)
• Sphinx: >=8,<10 (dropped Sphinx 7, added Sphinx 9)
• Docutils: >=0.20,<0.23 (dropped docutils 0.19, added docutils 0.22)
• markdown-it-py: ~=4.0 (upgraded from v3)

⬆️ Dependency Upgrades

• ⬆️ Upgrade to markdown-it-py v4 by gh-user:chrisjsewell in gh-pr:1060
• ⬆️ Drop Python 3.10 and Sphinx 7 by gh-user:chrisjsewell in gh-pr:1059
• ⬆️ Drop docutils 0.19 by gh-user:chrisjsewell in gh-pr:1061
• ⬆️ Add support for Python 3.14 by gh-user:chrisjsewell in gh-pr:1075
• ⬆️ Support Sphinx v9 by gh-user:chrisjsewell in gh-pr:1076
• ⬆️ Allow docutils 0.22 by gh-user:chrisjsewell in gh-pr:1084

👌 Improvements

• 👌 Improve generation of meta nodes by gh-user:AA-Turner in gh-pr:1080

📚 Documentation

• 📚 Fix typo in tables.md by gh-user:electricalgorithm in gh-pr:1034
• 📚 Fix minor typo in cross-referencing.md by gh-user:krassowski in gh-pr:1036

🔧 Internal / Maintenance

• 🔧 Update pre-commit by gh-user:chrisjsewell in gh-pr:1058
• 🔧 Add AGENTS.md by gh-user:chrisjsewell in gh-pr:1083

Full Changelog: v4.0.1...v5.0.0

Commits

• a139a1f 🚀 Release v5.0.0 (#1085)
• 5405110 [pre-commit.ci] pre-commit autoupdate (#1071)
• 19512c0 ⬆️ Allow docutils 0.22 (#1084)
• a9e529f ⬆️ Support Sphinx v9 (#1076)
• fcf78ca 👌 Improve generation of meta nodes (#1080)
• e0fc7a3 🔧 Add AGENTS.md (#1083)
• 59d5384 ⬆️ Add support for Python 3.14 (#1075)
• 7b7d961 ⬆️ Update pytest requirement from <9,>=8 to >=9,<10 (#1063)
• 3342a3c ⬆️ Update sphinxext-opengraph requirement from ~=0.9.0 to ~=0.13.0 (#1066)
• 2cf85de ⬆️ Update sphinxext-rediraffe requirement from ~=0.2.7 to ~=0.3.0 (#1064)
• Additional commits viewable in compare view

Updates pyparsing from 3.3.1 to 3.3.2

Changelog

Sourced from pyparsing's changelog.

Version 3.3.2 - January, 2026

• Defined pyparsing-specific warning classes so that they can be selectively enabled or disabled without affecting warnings raised by other libraries in the same Python app:

  • PyparsingWarning - base warning for all pyparsing-specific warnings (inherits from UserWarning)
  • PyparsingDeprecationWarning - warning for using deprecated features (inherits from PyparsingWarning and DeprecationWarning)
  • PyparsingDiagnosticWarning - warning raised when pyparsing diagnostics are enabled and a diagnostic feature is used (inherits from PyparsingWarning)

• Added as_datetime parse action to pyparsing.common - a more generalized version of the convert_to_datetime parse action (supports any expression that extracts date/time fields into "year", "month", "day", etc. results names), and validates that the parsed fields represent a valid date and time.

• Added iso8601_date_validated and iso8601_datetime_validated expressions to pyparsing.common, which return a Python datetime.datetime

• Various performance improvements in ParseResults class and core functions, with 10-20% performance overall.

• Added regex_inverter web page (using PyScript) to demonstrate using the inv_regex.py example.

• Expanded regex forms handled by the examples/inv_regex.py example:

  • named capturing groups (?P<name>)
  • partial repetition ({m,} and {,n})
  • negated character classes ([^...])

• Added SPy (Simplified Python) parser to examples.

Commits

• fa24016 Sync regex_inverter example from pyparsing
• ea22046 Updates to regex_inverter example: handle cancel during long max_results inte...
• 7df5c09 Sync regex_inverter example from pyparsing
• e862afa Add Regular Expressions Quick Reference to regex_inverter/index.html
• 6fdbd88 Sync regex_inverter example from pyparsing
• 5b33045 Add note in the regex inverter that only the 7-bit ASCII characters are used ...
• e403f2c Merge branch 'master' of https://github.com/pyparsing/pyparsing
• e7b5f1c Fix repo sync action in sync-regex-inverter.yml
• ea463fa Sync regex_inverter example from pyparsing
• afcbdac Change repetition instructions to use {,4} instead of {,10}
• Additional commits viewable in compare view

Updates sphinx-rtd-theme from 3.0.2 to 3.1.0

Changelog

Sourced from sphinx-rtd-theme's changelog.

3.1.0

• Added support for docutils 0.22
• Added support for Sphinx 9.x

.. _release-3.1.0rc2:

3.1.0rc2

• Added support for docutils 0.22

.. _release-3.1.0rc1:

3.1.0rc1

• Added support for Sphinx 9.x

.. _release-3.0.2:

Commits

• 795de79 Release 3.1.0 (#1676)
• 66d0fdd Add Python 3.14 to the test suite (#1668)
• fbe5e60 3.1.0rc2 with support for docutils 0.22 (#1674)
• a76174c Add support for docutils 0.22 (#1671)
• 20733c3 Add support for Sphinx 9.0.0 (#1666)
• 71aacd3 Update Code of Conduct URL (#1664)
• 5a26375 Run tests and build docs with Sphinx 8.2 (#1640)
• 8d4d394 Sidebar should not be floating on mobile (#1622)
• See full diff in compare view

Updates urllib3 from 2.6.2 to 2.6.3

Release notes

Sourced from urllib3's releases.

2.6.3

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

• Fixed a security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (CVE-2026-21441 reported by @​D47A, 8.9 High, GHSA-38jv-5279-wg99)
• Started treating Retry-After times greater than 6 hours as 6 hours by default. (urllib3/urllib3#3743)
• Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. (urllib3/urllib3#3752)

Changelog

Sourced from urllib3's changelog.

2.6.3 (2026-01-07)

• Fixed a high-severity security issue where decompression-bomb safeguards of the streaming API were bypassed when HTTP redirects were followed. (GHSA-38jv-5279-wg99 <https://github.com/urllib3/urllib3/security/advisories/GHSA-38jv-5279-wg99>__)
• Started treating Retry-After times greater than 6 hours as 6 hours by default. ([#3743](https://github.com/urllib3/urllib3/issues/3743) <https://github.com/urllib3/urllib3/issues/3743>__)
• Fixed urllib3.connection.VerifiedHTTPSConnection on Emscripten. ([#3752](https://github.com/urllib3/urllib3/issues/3752) <https://github.com/urllib3/urllib3/issues/3752>__)

Commits

• 0248277 Release 2.6.3
• 8864ac4 Merge commit from fork
• 70cecb2 Fix Scorecard issues related to vulnerable dev dependencies (#3755)
• 41f249a Move "v2.0 Migration Guide" to the end of the table of contents (#3747)
• fd4dffd Patch VerifiedHTTPSConnection for Emscripten (#3752)
• 13f0bfd Handle massive values in Retry-After when calculating time to sleep for (#3743)
• 8c480bf Bump actions/upload-artifact from 5.0.0 to 6.0.0 (#3748)
• 4b40616 Bump actions/cache from 4.3.0 to 5.0.1 (#3750)
• 82b8479 Bump actions/download-artifact from 6.0.0 to 7.0.0 (#3749)
• 34284cb Mention experimental features in the security policy (#3746)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions