build(deps): bump the minor-and-patch group with 10 updates

[dependabot]

Bumps the minor-and-patch group with 10 updates:

Package	From	To
certifi	2025.8.3	2025.10.5
furo	2025.7.19	2025.9.25
isort	6.0.1	6.1.0
authlib	1.6.4	1.6.5
cryptography	46.0.1	46.0.2
identify	2.6.14	2.6.15
nltk	3.9.1	3.9.2
pydantic	2.11.9	2.11.10
pydantic-core	2.33.2	2.40.1
typing-inspection	0.4.1	0.4.2

Updates certifi from 2025.8.3 to 2025.10.5

Commits

• fb14ac4 2025.10.05 (#371)
• 2c7c7ee Add Python 3.14 classifier in setup.py
• 1a5cb7b Bump actions/setup-python from 5.6.0 to 6.0.0 (#367)
• dea5960 Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 (#366)
• 83566b7 Bump actions/checkout from 4.2.2 to 5.0.0
• ca2e121 Bump actions/download-artifact from 4.3.0 to 5.0.0
• See full diff in compare view

Updates furo from 2025.7.19 to 2025.9.25

Changelog

Sourced from furo's changelog.

Changelog

2025.09.25 -- Gleaming Green

• Change the dark mode code back to native.

2025.07.19 -- Frozen Flame

• ✨ Switch to accessible-pygments themes
• ✨ Prefetch the sidebar logos
• ✨ Fix flickering header drop shadow on Safari
• Add rel=edit attribute to "Edit this page" link/icon
• Bump NodeJS and npm dependency versions
• Bump Saas & Webpack major versions
• Improve current page detection to be resilient to sticky elements above header
• Modernise Sass and use @use + @forward
• Remove top of code border-radius with captions
• Remove "debug printf" for headerTop value
• Use distinct images for light and dark mode in the documentation
• Use the modern Saas Modules

2024.08.06 -- Energetic Eminence

• ✨ Add support for Sphinx 8
• ✨ Add smoother transitions between breakpoints
• Increase specificity of table-wrapper selector
• Avoid page breaks inside paragraphs

2024.07.18 -- Dull Denim

• Improve how icons are handled and aligned.
• Improve scroll event handler.
• Hide the copybutton by default.
• Fix source_view_link configuration handling.
• Fix close tag on pencil icon.

2024.05.06 -- Cheerful Cerulean

• ✨ Add new custom icons for auto mode, reflecting the currently active theme.

... (truncated)

Commits

• 7c5f8fa Prepare release: 2025.09.25
• 8bfdc54 Update changelog
• d92b62f Switch the dark mode theme back to native
• 83c3446 Add Blender to "used by" section (#898)
• 426ea05 Remove old scrollbar selectors (#892)
• d22d31c Remove trailing slash on void elements (#895)
• f91944a Fix invalid HTML5 (#894)
• a1f74d8 Back to development
• See full diff in compare view

Updates isort from 6.0.1 to 6.1.0

Release notes

Sourced from isort's releases.

6.1.0

Changes

• Update docs discussions channel (#2410) @​staticdev
• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo
• Use working isort version in pre-commit example (#2402) @​iainelder
• fix typo in _get_files_from_dir_cached test (#2392) @​tiltingpenguin
• Resolve bandit warnings (#2379) @​kurtmckee
• Add tox for cross-platform, parallel test suite execution (#2378) @​kurtmckee
• Add Project URLs to PyPI Side Panel (#2387) @​guillermodotn
• Fix typos (#2376) @​co63oc

👷 Continuous Integration

• Add make bash scripts portable (#2377) @​staticdev

📦 Dependencies

• Bump actions/checkout from 4 to 5 in the github-actions group (#2406) @dependabot[bot]
• Bump astral-sh/setup-uv from 5 to 6 in the github-actions group (#2395) @dependabot[bot]

Changelog

Sourced from isort's changelog.

6.1.0 October 1 2025

• Add python 3.14 classifier and badge (#2409) @​staticdev
• Drop use of non-standard pkg_resources API (#2405) @​dvarrazzo

Commits

• ec0efae Merge pull request #2410 from PyCQA/docs/discussion
• 8af675f Update docs discussions channel
• a03dae8 Merge pull request #2409 from PyCQA/build/py314-classifier
• 2232a26 Add python 3.14 classifier and badge
• ec48dd7 Merge pull request #2405 from dvarrazzo/fix/drop-pkg-resources
• be46cd4 refactor: make importlib metadata package import lazy
• 18ecd0c chore: drop branch guarding unsupported Python versions
• 1d42e56 fix: drop use of non-standard pkg_resources API
• 0c8fc82 Merge pull request #2406 from PyCQA/dependabot/github_actions/github-actions-...
• 3478763 Bump actions/checkout from 4 to 5 in the github-actions group
• Additional commits viewable in compare view

Updates authlib from 1.6.4 to 1.6.5

Changelog

Sourced from authlib's changelog.

Version 1.6.5

Released on Oct 2, 2025

• RFC7591 generate_client_info and generate_client_secret take a request parameter.
• Add size limitation when decode JWS/JWE to prevent DoS.
• Add size limitation for DEF JWE zip algorithm.

Commits

• 9ec4256 chore: release 1.6.5
• b62b5b2 Merge branch 'fix-GHSA-pq5p-34cr-23v9'
• e0863d5 Merge pull request #830 from authlib/fix-GHSA-g7f3-828f-7h7m
• 867e3f8 fix(jose): add size limitation to prevent DoS
• 75ad6d4 Merge pull request #828 from authlib/dependabot/github_actions/dot-github/wor...
• 68b9823 chore(deps): bump SonarSource/sonarqube-scan-action
• 5bdfc4b Merge pull request #827 from lisongmin/support-list-params-in-prepare-grant-uri
• 30ea3c5 feat: support list params in prepare_grant_uri
• 4b5b570 fix(jose): add max size for JWE zip=DEF decompression
• 6e35a02 Merge pull request #825 from azmeuk/request-params
• Additional commits viewable in compare view

Updates cryptography from 46.0.1 to 46.0.2

Changelog

Sourced from cryptography's changelog.

46.0.2 - 2025-09-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.4.
.. _v46-0-1:

Commits

• 99efe5a bump version for 46.0.2 (#13531)
• See full diff in compare view

Updates identify from 2.6.14 to 2.6.15

Commits

• 31f8d82 v2.6.15
• 05b2674 Merge pull request #541 from wjt/piskel
• d34fd8a Add .piskel extension
• 729b41e Merge pull request #542 from Freso/pkgbuild-shell
• 49356f3 fix: make PKGBUILD files a superset of .bash
• 01a201f Merge pull request #540 from pre-commit/pre-commit-ci-update-config
• 2aa9828 [pre-commit.ci] pre-commit autoupdate
• 672764d Merge pull request #538 from pre-commit/pre-commit-ci-update-config
• faf2281 [pre-commit.ci] pre-commit autoupdate
• See full diff in compare view

Updates nltk from 3.9.1 to 3.9.2

Changelog

Sourced from nltk's changelog.

Version 3.9.2 2025-10-01

• Update download checksums to use SHA256 in built index
• Fix percentage escape in new-style string formatting
• replace shortened URLs using goo.gl
• Make Wordnet interoperable with various taggers and tagged corpora
• Fix saving PerceptronTagger
• Document how to reproduce old Wordnet studies
• properly initialize Portuguese corpus reader
• support for mixed rules conversion into Chomsky Normal Form
• only import tkinter if a GUI is needed
• issue #2112 with Corenlp
• new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
• Lesk defaults to most frequent sense in case of ties

Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion

Version 3.9.1 2024-08-19

• Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

• Fix security vulnerability CVE-2024-39705 (breaking change)
• Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
• No longer sort Wordnet synsets and relations (sort in calling function when required)
• Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
• Add Python 3.12 support
• Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

• Resolve RCE vulnerability in localhost WordNet Browser (#3100)
• Remove unused tool scripts (#3099)
• Resolve XSS vulnerability in localhost WordNet Browser (#3096)
• Add Python 3.11 support (#3090)

Thanks to the following contributors to 3.8.1: Francis Bond, John Vandenberg, Tom Aarsen

Version 3.8 2022-12-12

• Refactor dispersion plot (#3082)
• Provide type hints for LazyCorpusLoader variables (#3081)
• Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080)

... (truncated)

Commits

• 4e17ea3 Updates for 3.9.2
• 77ed66b Merge pull request #3425 from ekaf/ci-blank-data
• 13d6791 Update .github/workflows/ci.yml
• d2cf5d4 Ensure nltk_data path is in the environment
• 4473fde Test CI with no data
• 1f1614b Merge pull request #3349 from ShadokDuBas/fix/bug_ccg_logic_side_effect_on_le...
• 7e9779e Merge pull request #3419 from ekaf/hotfix-3416
• 83bd737 Merge pull request #3423 from purificant/_dependabot
• e96cce0 Merge pull request #3422 from purificant/_pre_commit
• bcf6ea6 Merge pull request #3421 from purificant/_py_versions
• Additional commits viewable in compare view

Updates pydantic from 2.11.9 to 2.11.10

Changelog

Sourced from pydantic's changelog.

v2.11.10 (2025-10-04)

GitHub release

What's Changed

Fixes

• Backport v1.10.24 changes by @​Viicos

Commits

• 162b806 Prepare release v2.11.10
• 1f59156 Backport v1.10.24 changes
• See full diff in compare view

Updates pydantic-core from 2.33.2 to 2.40.1

Release notes

Sourced from pydantic-core's releases.

v2.40.1 2025-10-02

What's Changed

• Reapply "Match return type of SerializationInfo.mode() to mode of model_dump() (#1770)" (#1797) by @​Viicos in pydantic/pydantic-core#1815
• Add quotes to field name in serialization warning by @​Viicos in pydantic/pydantic-core#1816
• Only create class instance after validation in ModelValidator.validate_construct() by @​Viicos in pydantic/pydantic-core#1818

Full Changelog: pydantic/pydantic-core@v2.40.0...v2.40.1

v2.40.0 2025-10-01

What's Changed

• Add extra parameter to the validate functions by @​anvilpete in pydantic/pydantic-core#1722
• chore: Correct grammar in docstring by @​willsawyerrrr in pydantic/pydantic-core#1784
• bump pyo3 to 0.26, jiter to 0.11 by @​davidhewitt in pydantic/pydantic-core#1785
• Add GraalPy 3.12 to CI, build GraalPy wheels for more platforms by @​msimacek in pydantic/pydantic-core#1790
• Add fail-fast for dicts by @​uriyyo in pydantic/pydantic-core#1543
• fix EitherString::as_cow implementation by @​davidhewitt in pydantic/pydantic-core#1794
• Reuse basic validators and serializers by @​davidhewitt in pydantic/pydantic-core#1795
• Add option to preserve empty URL paths by @​davidhewitt in pydantic/pydantic-core#1789
• Bump idna from 1.0.3 to 1.1.0 by @​dependabot[bot] in pydantic/pydantic-core#1806
• Bump uuid from 1.17.0 to 1.18.1 by @​dependabot[bot] in pydantic/pydantic-core#1802
• Bump serde_json from 1.0.142 to 1.0.145 by @​dependabot[bot] in pydantic/pydantic-core#1811
• Add field name in serialization error by @​NicolasPllr1 in pydantic/pydantic-core#1799
• Bump regex from 1.11.1 to 1.11.3 by @​dependabot[bot] in pydantic/pydantic-core#1804

New Contributors

• @​anvilpete made their first contribution in pydantic/pydantic-core#1722
• @​willsawyerrrr made their first contribution in pydantic/pydantic-core#1784
• @​l00ptr made their first contribution in pydantic/pydantic-core#1770
• @​NicolasPllr1 made their first contribution in pydantic/pydantic-core#1799

Full Changelog: pydantic/pydantic-core@v2.39.0...v2.40.0

v2.39.0 2025-08-11

What's Changed

• docs: improve onboarding by @​PrettyWood in pydantic/pydantic-core#1775
• build: bump pytest to 8.4 by @​PrettyWood in pydantic/pydantic-core#1781
• Add exclude_computed_fields serialization option by @​Viicos in pydantic/pydantic-core#1780

Full Changelog: pydantic/pydantic-core@v2.38.0...v2.39.0

v2.38.0 2025-08-04

What's Changed

• Switch to PEP 639 license information by @​Viicos in pydantic/pydantic-core#1769
• Simplify ValidationError.from_exception_data() docstring by @​kinuax in pydantic/pydantic-core#1768
• feat: make TzInfo instantiable without any arguments by @​PrettyWood in pydantic/pydantic-core#1777
• fix: make everything work on nightly by @​PrettyWood in pydantic/pydantic-core#1776
• Bump serde_json from 1.0.140 to 1.0.142 by @​dependabot[bot] in pydantic/pydantic-core#1772
• Build wheels for GraalPy by @​msimacek in pydantic/pydantic-core#1771

... (truncated)

Commits

• 70bd6f9 Prepare release v2.40.1 (#1819)
• 32c76bf Only create class instance after validation in `ModelValidator.validate_const...
• 8d06fac Bump maturin to v1.9.4 (#1817)
• d677428 Add quotes to field name in serialization warning (#1816)
• 7a1a124 Reapply "Match return type of SerializationInfo.mode() to mode of model_dump(...
• edfdce8 ci: fix pydantic integration test to actually use local core (#1814)
• 13a34ef release: 2.40.0 (#1812)
• 52d7510 Bump regex from 1.11.1 to 1.11.3 (#1804)
• 22e88b1 Bump CodSpeedHQ/action from 3 to 4 (#1805)
• 37d2ce4 Bump actions/setup-python from 5 to 6 (#1803)
• Additional commits viewable in compare view

Updates typing-inspection from 0.4.1 to 0.4.2

Release notes

Sourced from typing-inspection's releases.

v0.4.2 2025-10-01

What's Changed

• Add typing_objects.is_noextraitems() by @​Viicos in pydantic/typing-inspection#47

Full Changelog: pydantic/typing-inspection@v0.4.1...v0.4.2

Changelog

Sourced from typing-inspection's changelog.

v0.4.2 (2025-10-01)

• Add typing_objects.is_noextraitems() by @​Viicos in #47

Commits

• 8db0113 Prepare release 0.4.2 (#48)
• f4dfd61 Add typing_objects.is_noextraitems() (#47)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions