build(deps): bump the production-dependencies group with 3 updates

[dependabot]

Bumps the production-dependencies group with 3 updates: dockerflow, gunicorn and sphinx.

Updates dockerflow from 2024.4.2 to 2026.1.26

Release notes

Sourced from dockerflow's releases.

2026.01.26

What's Changed

• Add MozlogHandler that integrates renamed formatter by @​grahamalama in mozilla-services/python-dockerflow#112
• chore: fix a typo by @​AlphaWong in mozilla-services/python-dockerflow#118
• Fix CI and expand test matrix to Django 5.2 and Python 3.13 by @​janbrasna in mozilla-services/python-dockerflow#120
• Pin test dependencies to fix CI, drop EOL and add Django 6.0 by @​janbrasna in mozilla-services/python-dockerflow#122

New Contributors

• @​AlphaWong made their first contribution in mozilla-services/python-dockerflow#118
• @​janbrasna made their first contribution in mozilla-services/python-dockerflow#120

Full Changelog: mozilla-services/python-dockerflow@2024.04.2...2026.01.26

Sanic >= 20.3 support and added flask.g.request_id

No release notes provided.

Commits

• 7297801 Pin test dependencies to fix CI, drop EOL and add Django 6.0 (#122)
• 3221444 Fix CI and expand test matrix to Django 5.2 and Python 3.13 (#120)
• 276ff50 chore: fix a typo (#118)
• ba6936b Add MozlogHandler that integrates renamed formatter (#112)
• See full diff in compare view

Updates gunicorn from 24.0.0 to 25.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.0.0

New Features

• Dirty Arbiters: Separate process pool for executing long-running, blocking operations (AI model loading, heavy computation) without blocking HTTP workers ([PR #3460](benoitc/gunicorn#3460))

  • Inspired by Erlang's dirty schedulers
  • Asyncio-based with Unix socket IPC
  • Stateful workers that persist loaded resources
  • New settings: --dirty-app, --dirty-workers, --dirty-timeout, --dirty-threads, --dirty-graceful-timeout
  • Lifecycle hooks: on_dirty_starting, dirty_post_fork, dirty_worker_init, dirty_worker_exit

• Per-App Worker Allocation for Dirty Arbiters: Control how many dirty workers load each app for memory optimization with heavy models ([PR #3473](benoitc/gunicorn#3473))

  • Set workers class attribute on DirtyApp (e.g., workers = 2)
  • Or use config format module:class:N (e.g., myapp:HeavyModel:2)
  • Requests automatically routed to workers with the target app
  • New exception DirtyNoWorkersAvailableError for graceful error handling
  • Example: 8 workers × 10GB model = 80GB → with workers=2: 20GB (75% savings)

• HTTP/2 Support (Beta): Native HTTP/2 (RFC 7540) support for improved performance with modern clients ([PR #3468](benoitc/gunicorn#3468))

  • Multiplexed streams over a single connection
  • Header compression (HPACK)
  • Flow control and stream prioritization
  • Works with gthread, gevent, and ASGI workers
  • New settings: --http-protocols, --http2-max-concurrent-streams, --http2-initial-window-size, --http2-max-frame-size, --http2-max-header-list-size
  • Requires SSL/TLS and h2 library: pip install gunicorn[http2]
  • New example: examples/http2_gevent/ with Docker and tests

• HTTP 103 Early Hints: Support for RFC 8297 Early Hints to enable browsers to preload resources before the final response ([PR #3468](benoitc/gunicorn#3468))

  • WSGI: environ['wsgi.early_hints'](https://github.com/benoitc/gunicorn/blob/HEAD/headers) callback
  • ASGI: http.response.informational message type
  • Works with both HTTP/1.1 and HTTP/2

• uWSGI Protocol for ASGI Worker: The ASGI worker now supports receiving requests via the uWSGI binary protocol from nginx ([PR #3467](benoitc/gunicorn#3467))

Bug Fixes

• Fix HTTP/2 ALPN negotiation for gevent and eventlet workers when do_handshake_on_connect is False (the default). The TLS handshake is now explicitly performed before checking selected_alpn_protocol().

... (truncated)

Commits

• 617a85e docs: update 25.0.0 release date to 2026-02-01
• ee933f2 fix(asgi): quick shutdown on SIGINT/SIGQUIT, graceful on SIGTERM
• 98ef198 docs: update security policy for maintained versions 24.1.1 and 25.0.0
• 911e333 chore: replace RST with markdown, remove docs-lint and readthedocs config
• 7ff671b chore: replace README.rst with README.md, remove modernization-plan.md
• d5ab5dc Merge pull request #3473 from benoitc/feature/per-app-worker-allocation
• d563a7e chore: bump version to 25.0.0
• 86264ef docs: add per-app worker allocation to 25.0.0 changelog
• c4fe116 docs: add per-app worker allocation documentation
• 1af5997 docs: regenerate settings.md
• Additional commits viewable in compare view

Updates sphinx from 8.2.3 to 9.0.4

Release notes

Sourced from sphinx's releases.

Sphinx 9.0.4

Changelog: https://www.sphinx-doc.org/en/master/changes/9.0.html

Bugs fixed

• #14143: Fix spurious build warnings when translators reorder references in strings, or use translated display text in references. Patch by Matt Wang.

Sphinx 9.0.3

Changelog: https://www.sphinx-doc.org/en/master/changes/9.0.html

Bugs fixed

• #14142: autodoc: Restore some missing exports in sphinx.ext.autodoc. Patch by Adam Turner.

Sphinx 9.0.2

Changelog: https://www.sphinx-doc.org/en/master/changes/9.0.html

Bugs fixed

• #14142: autodoc: Restore sphinx.ext.autodoc.mock. Patch by Adam Turner.

Sphinx 9.0.1

Changelog: https://www.sphinx-doc.org/en/master/changes/9.0.html

Bugs fixed

• #13942: autodoc: Restore the mapping interface for options objects. Patch by Adam Turner.
• #13942: autodoc: Deprecate the mapping interface for options objects. Patch by Adam Turner.
• #13387: Update translations.

Sphinx 9.0.0

Changelog: https://www.sphinx-doc.org/en/master/changes/9.0.html

Dependencies

• #13786: Support Docutils 0.22. Patch by Adam Turner.

Incompatible changes

... (truncated)

Changelog

Sourced from sphinx's changelog.

Release 9.0.4 (released Dec 04, 2025)

Bugs fixed

• #14143: Fix spurious build warnings when translators reorder references in strings, or use translated display text in references. Patch by Matt Wang.

Release 9.0.3 (released Dec 04, 2025)

Bugs fixed

• #14142: autodoc: Restore some missing exports in :mod:!sphinx.ext.autodoc. Patch by Adam Turner.

Release 9.0.2 (released Dec 03, 2025)

Bugs fixed

• #14142: autodoc: Restore :mod:!sphinx.ext.autodoc.mock. Patch by Adam Turner.

Release 9.0.1 (released Dec 01, 2025)

Bugs fixed

• #13942: autodoc: Restore the mapping interface for options objects. Patch by Adam Turner.
• #13942: autodoc: Deprecate the mapping interface for options objects. Patch by Adam Turner.
• #13387: Update translations.

Release 9.0.0 (released Nov 30, 2025)

Dependencies

• #13786: Support Docutils 0.22_. Patch by Adam Turner.

  .. _Docutils 0.22: https://docutils.sourceforge.io/RELEASE-NOTES.html#release-0-22-2026-07-29

... (truncated)

Commits

• 8ddba7e Bump to 9.0.4 final
• 6959633 [bot]: Update message catalogues (#14155)
• 88a4a97 Allow reordered refs and translated display text in pending_xref (#14144)
• f666208 Bump version
• df8a9e7 Bump to 9.0.3 final
• bd89f96 Import names from defining module
• 7d05936 autodoc: Restore some missing exports
• b745a11 Bump version
• 1ac581c Bump to 9.0.2 final
• 1281a83 autodoc: Restore mock module for compatibility (#14152)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions