[Tech] Python - Bump the non-major-dependencies group across 1 directory with 12 updates

[dependabot]

Bumps the non-major-dependencies group with 12 updates in the /pipeline directory:

Package	From	To
pre-commit	4.5.1	4.6.0
scrapy	2.14.2	2.15.0
geoalchemy2	0.18.4	0.19.0
pytest	9.0.2	9.0.3
css-inline	0.20.0	0.20.2
pypdf	6.9.2	6.10.2
clickhouse-connect	0.14.1	0.15.1
duckdb	1.5.1	1.5.2
plotly	6.6.0	6.7.0
matplotlib	3.10.8	3.10.9
sphinx-autoapi	3.6.1	3.8.0
greenlet	3.2.3	3.4.0

Updates pre-commit from 4.5.1 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

Commits

• f35134b v4.6.0
• 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
• d7dee32 make --hook-dir optional for hook-impl
• 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
• 2eacc06 --hook-type is required for hook-impl
• f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
• 054cc5b [pre-commit.ci] pre-commit autoupdate
• 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
• a5d9114 [pre-commit.ci] pre-commit autoupdate
• 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
• Additional commits viewable in compare view

Updates scrapy from 2.14.2 to 2.15.0

Release notes

Sourced from scrapy's releases.

2.15.0

• Experimental support for running without a Twisted reactor
• Experimental httpx-based download handler

Full Changelog

Changelog

Sourced from scrapy's changelog.

Scrapy 2.15.0 (2026-04-09)

Highlights:

• Experimental support for running without a Twisted reactor

• Experimental httpx-based download handler

Backward-incompatible changes

-   The built-in HTTP :ref:`download handlers <download-handlers-ref>` now
    raise Scrapy-specific exceptions instead of implementation-specific ones,
    see :ref:`download-handlers-exceptions`. This can affect user code that
    handles downloader exceptions, such as ``process_exception()`` methods of
    custom :ref:`downloader middlewares <topics-downloader-middleware-custom>`.
    (:issue:`7208`)


In order to fix a long-standing bug with handling of asynchronous storages,

the following changes were made to media pipeline classes, which can impact

some of the user code that subclasses them or calls their methods directly:


overrides of :meth:scrapy.pipelines.media.MediaPipeline.media_downloaded

and :meth:~scrapy.pipelines.files.FilesPipeline.file_downloaded can now

return coroutines


:meth:~scrapy.pipelines.files.FilesPipeline.media_downloaded,

:meth:~scrapy.pipelines.files.FilesPipeline.file_downloaded and

:meth:~scrapy.pipelines.images.ImagesPipeline.image_downloaded now

return coroutines


(:issue:2183, :issue:6369, :issue:7182)


Request and Response objects: __slots__ and setter changes:


:class:scrapy.http.Request and :class:scrapy.http.Response now

define __slots__. Assigning arbitrary attributes to instances (for

example, response.foo = 1) will raise AttributeError. Store

per-request/response data in the request/response meta mapping

instead of attaching new attributes to the objects.


If you maintain custom Request or Response subclasses that

relied on dynamic instance attributes, either add '__dict__' to

your subclass __slots__ to allow dynamic attributes, or migrate

per-instance state to meta or explicit documented attributes.


The setters for headers, flags and cookies no longer coerce

falsy values into None. For example, request.headers = {} now

stores an empty :class:scrapy.http.headers.Headers instance (not

</tr></table>

... (truncated)

Commits

• 47e25fb Bump version: 2.14.2 → 2.15.0
• 1432455 Add a missing release notes change.
• 7e881ce Release notes for 2.15.0 (#7373)
• b68f267 Fix DownloaderAwarePriorityQueue tie-breaking across slots (#7351)
• 2b174e3 Silence the CertificateOptions method warning. (#7410)
• b9be5ce Reactorless shell and other small shell improvements (#7395)
• 5b37613 Improve commands (#7376)
• 13a014d Response now uses less memory (#7374)
• 9fffcc1 Optimize SitemapSpider memory usage (#7007)
• a4377f9 Rename DNS_RESOLVER to TWISTED_DNS_RESOLVER (#7361)
• Additional commits viewable in compare view

Updates geoalchemy2 from 0.18.4 to 0.19.0

Release notes

Sourced from geoalchemy2's releases.

0.19.0

What's Changed

• CI: Fix triggers after default branch was renamed main by @​adrien-berchet in geoalchemy/geoalchemy2#593
• Accept leading '+' in WKT coords and fix Comparator >> docstring by @​adrien-berchet in geoalchemy/geoalchemy2#594
• [pre-commit.ci] pre-commit autoupdate by @​pre-commit-ci[bot] in geoalchemy/geoalchemy2#595
• CI: Fix Too many connections errors in MySQL and MariaDB by @​adrien-berchet in geoalchemy/geoalchemy2#597
• Fix: Ensure _GISType.column_expression is compatible with TypeDecorator by @​adrien-berchet in geoalchemy/geoalchemy2#598
• Release: 0.19.0 by @​adrien-berchet in geoalchemy/geoalchemy2#599

Full Changelog: geoalchemy/geoalchemy2@0.18.4...0.19.0

Changelog

Sourced from geoalchemy2's changelog.

0.19.0

• Fix: Ensure _GISType.column_expression is compatible with TypeDecorator - @​adrien-berchet (#598)
• Fix: Improve WKT parsing and fix comparator doc typo - @​adrien-berchet (#594)
• CI: Fix Too many connections errors in MySQL and MariaDB - @​adrien-berchet (#597)
• CI: Fix triggers after default branch was renamed main - @​adrien-berchet (#593)

Commits

• 792cc5e Release: 0.19.0 (#599)
• 9d17680 Fix: Ensure _GISType.column_expression is compatible with TypeDecorator (#598)
• 3d4d8ec CI: Fix Too many connections errors in MySQL and MariaDB (#597)
• b5d6336 [pre-commit.ci] pre-commit autoupdate (#595)
• 187f092 Improve WKT parsing and fix comparator doc typo (#594)
• dce1bb1 CI: Fix triggers after default branch was renamed main (#593)
• See full diff in compare view

Updates pytest from 9.0.2 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates css-inline from 0.20.0 to 0.20.2

Release notes

Sourced from css-inline's releases.

[C] Release 0.20.2

Fixed

• inline_fragment silently returning only whitespace when the input starts with whitespace or contains structural HTML tags (<html>, <head>, <body>, <style>). #692 #693

[Java] Release 0.20.2

Added

• CssInline.inline(String html, String css) convenience overload for applying a CSS string to a full HTML document. #693

Fixed

• inlineFragment silently returning only whitespace when the input starts with whitespace or contains structural HTML tags (<html>, <head>, <body>, <style>). #692 #693

[JavaScript] Release 0.20.2

Fixed

• inlineFragment silently returning only whitespace when the input starts with whitespace or contains structural HTML tags (<html>, <head>, <body>, <style>). #692 #693

[PHP] Release 0.20.2

Fixed

• inline_fragment silently returning only whitespace when the input starts with whitespace or contains structural HTML tags (<html>, <head>, <body>, <style>). #692 #693

[Python] Release 0.20.2

Fixed

• inline_fragment silently returning only whitespace when the input starts with whitespace or contains structural HTML tags (<html>, <head>, <body>, <style>). #692 #693

[Ruby] Release 0.20.2

Fixed

• inline_fragment silently returning only whitespace when the input starts with whitespace or contains structural HTML tags (<html>, <head>, <body>, <style>). #692 #693

[Rust] Release 0.20.2

Fixed

• inline_fragment silently returning only whitespace when the input starts with whitespace or contains structural HTML tags (<html>, <head>, <body>, <style>). #692 #693

[C] Release 0.20.1

Changed

• Update html5ever to 0.39.
• Update selectors to 0.36.

Fixed

• !important lost when inlining styles onto elements with existing inline style attributes. #682
• !important lost when minify_css is enabled due to separator mismatch during property lookup. #682

... (truncated)

Changelog

Sourced from css-inline's changelog.

[0.20.2] - 2026-04-02

Fixed

• inline_fragment silently returning only whitespace when the input starts with whitespace or contains structural HTML tags (<html>, <head>, <body>, <style>). #692 #693

[0.20.1] - 2026-03-26

Changed

• Update html5ever to 0.39.
• Update selectors to 0.36.

Fixed

• !important lost when inlining styles onto elements with existing inline style attributes. #682
• !important lost when minify_css is enabled due to separator mismatch during property lookup. #682

Commits

• 2179596 chore(c): Release 0.20.2
• ad7c8da chore(python): Release 0.20.2
• adb3e7b docs: Update changelogs
• 5beb478 feat: CssInline.inline(String html, String css) convenience overload for ap...
• d37dce9 build(deps): bump lodash from 4.17.23 to 4.18.1 in /bindings/javascript
• 7620ae9 docs: Clarify inline vs inline_fragment behavior
• 5e9e60f build(deps): update wasm-bindgen requirement in /bindings/javascript
• 052d475 fix: inline_fragment silently returning only leading whitespace when the in...
• 3edcec4 build(deps): update wasm-bindgen requirement in /bindings/javascript
• f0d8770 chore(php): Release 0.20.1
• Additional commits viewable in compare view

Updates pypdf from 6.9.2 to 6.10.2

Release notes

Sourced from pypdf's releases.

Version 6.10.2, 2026-04-15

What's new

Security (SEC)

• Do not rely on possibly invalid /Size for incremental cloning (#3735) by @​stefan6419846
• Introduce limits for FlateDecode parameters and image decoding (#3734) by @​stefan6419846

Full Changelog

Version 6.10.1, 2026-04-14

What's new

Security (SEC)

• Limit the allowed size of xref and object streams (#3733) by @​stefan6419846

Robustness (ROB)

• Consider strict mode setting for decryption errors (#3731) by @​stefan6419846

Documentation (DOC)

• Use new parameter names for compress_identical_objects by @​stefan6419846

Full Changelog

Version 6.10.0, 2026-04-10

What's new

Security (SEC)

• Disallow custom XML entity declarations for XMP metadata (#3724) by @​stefan6419846

New Features (ENH)

• Skip MD5 key derivation for AES-256 encrypted PDFs (#3694) by @​Ygnas

Bug Fixes (BUG)

• Use remove_orphans in compress_identical_objects (#3310) by @​j-t-1
• Fix PdfReadError when xref table contains comments before trailer (#3710) by @​rassie
• Correctly verify AES padding during decryption (#3699) by @​stefan6419846
• Fix stale object cache from non-authoritative object streams (#3698) by @​astahlman
• Fix extract_links pairing when annotations include non-links (#3687) by @​ReinerBRO

Documentation (DOC)

• Add AI policy (#3717) by @​stefan6419846

Full Changelog

Changelog

Sourced from pypdf's changelog.

Version 6.10.2, 2026-04-15

Security (SEC)

• Do not rely on possibly invalid /Size for incremental cloning (#3735)
• Introduce limits for FlateDecode parameters and image decoding (#3734)

Full Changelog

Version 6.10.1, 2026-04-14

Security (SEC)

• Limit the allowed size of xref and object streams (#3733)

Robustness (ROB)

• Consider strict mode setting for decryption errors (#3731)

Documentation (DOC)

• Use new parameter names for compress_identical_objects

Full Changelog

Version 6.10.0, 2026-04-10

Security (SEC)

• Disallow custom XML entity declarations for XMP metadata (#3724)

New Features (ENH)

• Skip MD5 key derivation for AES-256 encrypted PDFs (#3694)

Bug Fixes (BUG)

• Use remove_orphans in compress_identical_objects (#3310)
• Fix PdfReadError when xref table contains comments before trailer (#3710)
• Correctly verify AES padding during decryption (#3699)
• Fix stale object cache from non-authoritative object streams (#3698)
• Fix extract_links pairing when annotations include non-links (#3687)

Documentation (DOC)

• Add AI policy (#3717)

Full Changelog

Commits

• c476b4f REL: 6.10.2
• c50a010 SEC: Do not rely on possibly invalid /Size for incremental cloning (#3735)
• ac734da SEC: Introduce limits for FlateDecode parameters and image decoding (#3734)
• b49e7eb REL: 6.10.1
• 62338e9 SEC: Limit the allowed size of xref and object streams (#3733)
• 5dcc0ae DEV: Update pytest-benchmark to 5.2.3
• b42e4aa DEV: Update pinned pillow and pytest where possible (#3732)
• 717446b ROB: Consider strict mode setting for decryption errors (#3731)
• 9e461d3 DEV: Bump softprops/action-gh-release from 2 to 3 (#3730)
• 500d09d TST: Update test_embedded_file__basic to use tmp_path fixture (#3726)
• Additional commits viewable in compare view

Updates clickhouse-connect from 0.14.1 to 0.15.1

Release notes

Sourced from clickhouse-connect's releases.

v0.15.1

Bug Fixes

• Use timezone from parameter type hint instead of server_tz when formatting tz-aware datetimes in {param:Type} bind expressions. Fixes #697

v0.15.0

Improvements

• Comprehensive ClickHouse JOIN support in SQLAlchemy via ch_join() with all strictness/distribution modifiers and USING syntax (#635, #636)
• Multi-column array_join() for parallel array expansion (#633)
• Add missing Replicated engine variants (ReplicatedReplacingMergeTree, etc.) (#687)
• Lazy imports for numpy, pandas, pyarrow, and polars, ~4x faster bare import time (#589)

Bug Fixes

• Fix .final() and .sample() silently overwriting each other when chained (#658)
• Fix sqlalchemy.values() to emit ClickHouse VALUES table function syntax (#681)
• Fix GraphiteMergeTree to properly quote config_section argument

Other

• Remove py.typed marker that was causing false type errors for mypy/pyright users (#691)

Full Changelog: ClickHouse/clickhouse-connect@v0.14.1...v0.15.0

Changelog

Sourced from clickhouse-connect's changelog.

0.15.1, 2026-03-30

Bug Fixes

• Use timezone from parameter type hint instead of server_tz when formatting tz-aware datetimes in {param:Type} bind expressions. Previously, bind_query always converted datetimes to the server timezone, ignoring explicit timezone declarations in type hints like DateTime64(6, 'UTC'). This caused incorrect query results when server_tz differed from the hint timezone. Handles LowCardinality, Nullable, and container type wrappers. Fixes #697

0.15.0, 2026-03-26

Improvements

• SQLAlchemy: Comprehensive ClickHouse JOIN support via the new ch_join() helper. All strictness modifiers (ALL, ANY, SEMI, ANTI, ASOF), the GLOBAL distribution modifier, and explicit CROSS JOIN are now available. Use with select_from() to generate ClickHouse-specific join syntax like GLOBAL ALL LEFT OUTER JOIN. Closes #635
• SQLAlchemy: array_join() now supports multiple columns for parallel array expansion. Pass a list of columns and a matching list of aliases to generate ARRAY JOIN col1 AS a, col2 AS b, col3 AS c. Single-column usage is unchanged. Closes #633
• SQLAlchemy: ch_join() now supports USING syntax via the new using parameter. Pass a list of column name strings to generate USING (col1, col2) instead of ON. This is important for FULL OUTER JOIN where USING merges the join column correctly while ON produces default values (0, '') for unmatched sides. Closes #636
• SQLAlchemy: Add missing Replicated table engine variants: ReplicatedReplacingMergeTree, ReplicatedCollapsingMergeTree, ReplicatedVersionedCollapsingMergeTree, and ReplicatedGraphiteMergeTree. Closes #687
• Lazy imports for optional dependencies (numpy, pandas, pyarrow, polars). If installed, these heavy libraries are no longer imported at import clickhouse_connect time. They are only imported when features that need them are actually used. The C/Numpy optimization bridge is also deferred. This speeds up bare import time of clickhouse-connect about 4X in environments where all four are installed. Closes #589

Other

• Remove py.typed marker file. The package does not have comprehensive type annotations, so the PEP 561 marker was causing false type errors for mypy/pyright users. Closes #691

Bug Fixes

• SQLAlchemy: Fix .final() and .sample() silently overwriting each other when chained. Both methods now store modifiers as custom attributes on the Select instance and render them during compilation, replacing the previous with_hint() approach that only allowed one hint per table. Chaining in either order (e.g. select(t).final().sample(0.1)) correctly produces FROM t FINAL SAMPLE 0.1. Also fixes rendering for aliased tables (FROM t AS u FINAL) and supports explicit table targeting in joins. Fixes #658
• SQLAlchemy: Fix sqlalchemy.values() to generate ClickHouse's VALUES table function syntax. The compiler now emits VALUES('col1 Type1, col2 Type2', ...) with the column structure as the first argument, instead of the standard SQL form that places column names after the alias. Generic SQLAlchemy types are mapped to ClickHouse equivalents (e.g. Integer to Int32, String to String). Also handles CTE usage by wrapping in SELECT * FROM VALUES(...). Fixes #681
• SQLAlchemy: Fix GraphiteMergeTree and ReplicatedGraphiteMergeTree to properly single-quote the config_section argument as ClickHouse requires.

Commits

• 05ec766 respect bind param tz type hints, bf release 0.15.1 prep
• c4c2a4e 0.15.0 release prep (#694)
• cd8cbf4 Joe/remove pytyped and other small cleanup issues (#693)
• 05859ef implement lazy loading of heavy optional deps (#689)
• 611161f SQLAlchemy core improvements (#688)
• 5fd16eb simple ddl support for a few new engine types (#690)
• a0e621c add Peter for reviews (#682)
• See full diff in compare view

Updates duckdb from 1.5.1 to 1.5.2

Release notes

Sourced from duckdb's releases.

v1.5.2 Bugfix Release

See the DuckDB core release notes here: https://github.com/duckdb/duckdb/releases/tag/v1.5.2

What's Changed in duckdb-python

• Type hints overhaul by @​OutSquareCapital in duckdb/duckdb-python#352
• Cache arrow schema for streaming types by @​evertlammerts in duckdb/duckdb-python#423
• Fix segfault on join with None by @​evertlammerts in duckdb/duckdb-python#422
• Fix stubs for path_or_buffer param by @​evertlammerts in duckdb/duckdb-python#425

Commits

• 2aea44e pin submodule at release hash
• 3aa2bf2 Fix stubs for path_or_buffer param (#425)
• 018fe05 Fix stubs for path_or_buffer param
• 0ef05d6 Fix segfault on join with None (#422)
• 4acb9f7 Fix segfault on join
• 6f161de Cache arrow schema for streaming types (#423)
• 87d6a31 Add CLAUDE.md
• ae356cb Cache the arrow schema for streams so we don't need an active client context
• b71639f Test that client context stays open on arrow streams
• 305d114 fix spark test (#421)
• Additional commits viewable in compare view

Updates plotly from 6.6.0 to 6.7.0

Release notes

Sourced from plotly's releases.

v6.7.0

Added

• Add facet_row support to px.imshow for creating subplots along an additional dimension [#5445], with thanks to @​FBumann for the contribution!

Fixed

• Update numpy.percentile syntax to stop using deprecated alias [#5483], with thanks to @​Mr-Neutr0n for the contribution!
  • numpy with a version less than 1.22 is no longer supported.
• Handle empty px.histogram by skipping None label in hover template [#5535], with thanks to @​tysoncung for the contribution!

Updated

• Update plotly.js from version 3.4.0 to version 3.5.0. See the plotly.js release notes for more information. [#5565]. Notable changes include:
  • Add hoveranywhere and clickanywhere layout attributes to enable emitting hover and click events anywhere in the plot area, not just over traces [#7707]
  • Add displayNotifier configuration property to set the display of notifier in the top right area of the viewport [#7730]
  • Update USA location lookup for scattergeo and choropleth traces to use both location names and abbreviations [#7731]

Changelog

Sourced from plotly's changelog.

[6.7.0] - 2026-04-09

Added

• Add facet_row support to px.imshow for creating subplots along an additional dimension [#5445], with thanks to @​FBumann for the contribution!

Fixed

• Update numpy.percentile syntax to stop using deprecated alias [#5483], with thanks to @​Mr-Neutr0n for the contribution!
  • numpy with a version less than 1.22 is no longer supported.
• Handle empty px.histogram by skipping None label in hover template [#5535], with thanks to @​tysoncung for the contribution!

Updated

• Update plotly.js from version 3.4.0 to version 3.5.0. See the plotly.js release notes for more information. [#5565]. Notable changes include:
  • Add hoveranywhere and clickanywhere layout attributes to enable emitting hover and click events anywhere in the plot area, not just over traces [#7707]
  • Add displayNotifier configuration property to set the display of notifier in the top right area of the viewport [#7730]
  • Update USA location lookup for scattergeo and choropleth traces to use both location names and abbreviations [#7731]

Commits

• 1a2065a Add missing attributions
• 8422e17 Add missing octothorpes
• fa9116f Update Jupyter Lab extension files
• c771ad5 Version changes for v6.7.0
• 067b954 Merge pull request #5565 from plotly/cam/update-plotly.js-v3.5.0
• 1b7de49 Update Jupyter support files
• d605d3e chore: Update plotly.js to v3.5.0
• 600f865 Merge pull request #5541 from plotly/migrate-to-gh-actions
• 10c7c56 Merge pull request #5518 from mosh3eb/fix/broken-license-link-readme
• ea813dd Merge branch 'main' into fix/broken-license-link-readme
• Additional commits viewable in compare view

Updates matplotlib from 3.10.8 to 3.10.9

Release notes

Sourced from matplotlib's releases.

v3.10.9

This is a micro release of the v3.10.x series. Highlights of this release include:

• Various minor bug and doc fixes
• Security hardening validation of cyclers - Removing eval usage
• Security hardening in Latex and PS calls - Removing shell escapes

Commits

• dd8d78b REL: v3.10.9
• 2fb1891 REL: Release prep v3.10.9
• d0e923a Merge branch 'v3.10.8-doc' into v3.10.x
• 1637932 Merge pull request #31558 from meeseeksmachine/auto-backport-of-pr-31556-on-v...
• a83faac Backport PR #31556: FIX: Inverted PyErr_Occurred check in enum type caster (_...
• a4f57ab Merge pull request #31545 from ksunden/backport-of-pr-31282-on-v3.10.x
• 063288d Merge pull request #31544 from ksunden/backport-of-pr-31248-on-v3.10.x
• b2ed196 Backport PR #31248: SEC: Remove eval() from validate_cycler
• acc6024 Merge pull request #31282 from scottshambaugh/tex_no_shell
• e3fb541 Merge pull request #31078 from meeseeksmachine/auto-backport-of-pr-31075-on-v...
• Additional commits viewable in compare view

Updates sphinx-autoapi from 3.6.1 to 3.8.0

Release notes

Sourced from sphinx-autoapi's releases.

v3.8.0

Features

• Autodoc-style directives can access members excluded by autoapi_options

Misc

• #553

v3.7.0

Features

• Added autoapi.import warning for when AutoAPI directives are given non-existent objects
• Adding autoapi_follow_symlinks, which allows api to traverse into symlinked directories when generating the API documentation.
• Drop support for Python 3.9 and officially support Python 3.14
• Support rendering PEP-695 type parameters

Bugfixes

• Render typing_extensions.TypeAlias like other type aliases (#520)
• Fix PythonFunction.overloads typing when source code overload(s) do not provide a return type (#523)

Misc

• Fix deprecation warnings raised by astroid and sphinx
• Handling case where match returns None to fix mypy unit test.

Changelog

Sourced from sphinx-autoapi's changelog.

v3.8.0 (2026-03-07)

Features ^^^^^^^^

• Autodoc-style directives can access members excluded by autoapi_options

Misc ^^^^

• #553

v3.7.0 (2026-02-10)

Features ^^^^^^^^

• Added autoapi.import warning for when AutoAPI directives are given non-existent objects
• Adding autoapi_follow_symlinks, which allows api to traverse into symlinked directories when generating the API documentation.
• Drop support for Python 3.9 and officially support Python 3.14
• Support rendering PEP-695 type parameters

Bugfixes ^^^^^^^^

• Render typing_extensions.TypeAlias like other type aliases (#520)
• Fix PythonFunction.overloads typing when source code overload(s) do not provide a return type (#523)

Misc ^^^^

• Fix deprecation warnings raised by astroid and sphinx
• Handling case where match returns None to fix mypy unit test.

Commits

• 75cbffd Version 3.8.0
• 7838cf6 Bump the github-actions group with 2 updates
• f1cdd30 Attempt to fix macos-latest build
• 34bb24c Autodoc-style directives can access members excluded by autoapi_options

[tristanrobert]

✅ Snyk checks have passed. No issues have been found so far.

Status	Scan Engine	Critical	High	Medium	Low	Total (0)
✅	Open Source Security	0	0	0	0	0 issues

💻 Catch issues earlier using the plugins for VS Code, JetBrains IDEs, Visual Studio, and Eclipse.

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud