Bump the python group with 2 updates

[dependabot]

Updates the requirements on click and uv-build to permit the latest version.
Updates click to 8.3.3

Changelog

Sourced from click's changelog.

Version 8.3.3

Released 2026-04-20

• Use :func:shlex.split to split pager and editor commands into argv lists for :class:subprocess.Popen, removing shell=True. :issue:1026 :pr:1477 :pr:2775
• Fix TypeError when rendering help for an option whose default value is an object that doesn't support equality comparison with strings, such as semver.Version. :issue:3298 :pr:3299
• Fix pager test pollution under parallel execution by using pytest's tmp_path fixture instead of a shared temporary file path. :pr:3238
• Treat Sentinel.UNSET values in a default_map as absent, so they fall through to the next default source instead of being used as the value. :issue:3224 :pr:3240
• Patch pdb.Pdb in CliRunner isolation so pdb.set_trace(), breakpoint(), and debuggers subclassing pdb.Pdb (ipdb, pdbpp) can interact with the real terminal instead of the captured I/O streams. :issue:654 :issue:824 :issue:843 :pr:951 :pr:3235
• Add optional randomized parallel test execution using pytest-randomly and pytest-xdist to detect test pollution and race conditions. :pr:3151
• Add contributor documentation for running stress tests, randomized parallel tests, and Flask smoke tests. :pr:3151 :pr:3177
• Show custom show_default string in prompts, matching the existing help text behavior. :issue:2836 :pr:2837 :pr:3165 :pr:3262 :pr:3280 :pr:3328
• Fix default=True with boolean flag_value always returning the flag_value instead of True. The default=True to flag_value substitution now only applies to non-boolean flags, where True acts as a sentinel meaning "activate this flag by default". For boolean flags, default=True is returned as a literal value. :issue:3111 :pr:3239
• Mark make_default_short_help as private API. :issue:3189 :pr:3250
• CliRunner's redirected streams now expose the original file descriptor via fileno(), so that faulthandler, subprocess, and other C-level consumers no longer crash with io.UnsupportedOperation. :issue:2865
• Change :class:ParameterSource to an :class:~enum.IntEnum and reorder its members from most to least explicit, so values can be compared to check whether a parameter was explicitly provided. :issue:2879 :pr:3248

Version 8.3.2

Released 2026-04-02

• Fix handling of flag_value when is_flag=False to allow such options to be used without an explicit value. :issue:3084 :pr:3152
• Hide Sentinel.UNSET values as None when using lookup_default(). :issue:3136 :pr:3199 :pr:3202 :pr:3209 :pr:3212 :pr:3224

... (truncated)

Commits

• c06d2d0 Release 8.3.3
• f1f191e Apply format guidelines to commits since latest 8.3.2 release (#3343)
• bb59ba0 Apply format guidelines to commits since latest 8.3.2 release
• 4a35225 Reduce blast-radius of UNSET in default_map (#3240)
• c07bb93 Merge branch 'stable' into unset-in-default-map
• c7e1ba8 Reorder ParameterSource (#3248)
• 76552ff Show default string in prompt (#3328)
• ac5cec5 Reorder ParameterSource from most to least explicit
• 8c452e0 Merge branch 'stable' into show-default-string-in-prompt
• 8c95c73 Reconcile default value passing and default activation (#3239)
• Additional commits viewable in compare view

Updates uv-build to 0.11.8

Changelog

Sourced from uv-build's changelog.

0.11.8

Released on 2026-04-27.

Enhancements

• Add --python-downloads-json-url to python pin (#19092)
• Fetch uv from Astral mirror during self-update (#18682)
• Support pip uninstall -y (#19082)
• Allow exclude-newer to be missing from the lockfile when exclude-newer-span is present (#19024)
• Only show the version number in uv self version --short (#19019)
• Silence warnings on empty SSL_CERT_DIR directory (#19018)
• Use a sentinel timestamp for relative exclude-newer and exclude-newer-package values in lockfiles (#19022, #19101)

Configuration

• Add UV_PYTHON_NO_REGISTRY (#19035)
• Add an environment variable for UV_NO_PROJECT (#19052)
• Expose UV_PYTHON_SEARCH_PATH for Python discovery PATH overrides (#19034)

Bug fixes

• Add rust-toolchain.toml to uv-build sdist (#19131)
• Ensure uv invocations of git do not inherit repository location environment variables (#19088)
• Redact pre-signed upload URLs in verbose output (#19146)
• Handle transitive URL dependencies in PEP 517 build requirements (#19076, #19086)
• Support uv lock on a pyproject.toml that only contains dependency-groups (#19087)
• Disable transparent Python upgrades in projects when a patch version is requested via .python-version (#19102)
• Fix Python variant tagging in the Windows registry (#19012)
• Ban external symlinks in .tar.zst wheels (#19144)

Distributions

• Remove deprecated license classifiers from uv-build and add Python 3.14 classifier (#19130)

Documentation

• Bump astral-sh/setup-uv version in docs (#19030)
• Update PyTorch documentation for PyTorch 2.11 (#19095)

0.11.7

Released on 2026-04-15.

Python

• Upgrade CPython build to 20260414 including an OpenSSL security upgrade (#19004)

Enhancements

... (truncated)

Commits

• 0e961dd Bump version to 0.11.8 (#19184)
• 3e9c333 Configure logging before globals (#19155)
• 84a3244 Redact pre-signed upload URLs in verbose output (#19146)
• 51448c2 Use a single codepath for extracting a .tar.zst wheel (#19144)
• 5f461d6 Allow scripts/build-trampolines.sh to try podman when it's available (#19134)
• dea9815 uv-build: fixup classifiers (#19130)
• 15118d7 Drop whoami dependency (#19132)
• 992be06 Add rust-toolchain.toml to uv-build sdist (#19131)
• d46a7b6 Fix pip_compile test (#19129)
• 282919c Share pylock.toml reading and resolution in pip commands (#19125)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions