Skip to content

chore(deps): bump the python group across 2 directories with 4 updates#4525

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/global-images/datascience/python-90f7e570af
Open

chore(deps): bump the python group across 2 directories with 4 updates#4525
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/global-images/datascience/python-90f7e570af

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 13, 2026

Copy link
Copy Markdown
Contributor

Bumps the python group with 3 updates in the /global-images/datascience directory: numpy, plotly and transformers.
Bumps the python group with 1 update in the /scripts/init-realm directory: python-keycloak.

Updates numpy from 2.5.0 to 2.5.1

Release notes

Sourced from numpy's releases.

v2.5.1 (July 4, 2026)

NumPy 2.5.1 Release Notes

The NumPy 2.5.1 is a patch release that fixes bugs discovered after the 2.5.0 release. The most noticeable is the fix is to the numpy datetime cython API which should allow downstream to support NumPy versions older than 2.5. Preparation for Python 3.15 continues along with typing improvements.

This release supports Python versions 3.12-3.14

Changes

  • The minimum supported GCC version has been updated from 9.3.0 to 10.3.0

    (gh-31843)

Contributors

A total of 10 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Adhyan Gupta +
  • Ankit Ahlawat
  • Charles Harris
  • Iason Krommydas
  • Joren Hammudoglu
  • Kumar Aditya
  • Nathan Goldbaum
  • Sebastian Berg
  • Ties Jan Hefting +
  • Vineet Kumar

Pull requests merged

A total of 20 pull requests were merged for this release.

  • #31707: MAINT: Prepare 2.5.x for further development
  • #31721: CI: fix new cython-lint errors (#31711)
  • #31723: MAINT: Update meson to match main
  • #31729: TST: use setup-sde instead of curl to get SDE binaries (#31727)
  • #31829: BUG: Relax finfo to be easier accessible for all user dtypes...
  • #31831: TYP: Fix flatiter.__next__ return type for object_ and...
  • #31832: BUG: avoid deadlocks using NpyString API (#31682)
  • #31833: BUG: fix out array leak in reduceat and accumulate when dtype...
  • #31835: BUG: fix numpy datetime cython APIs to be compatible with older...
  • #31836: TYP: Fix incorrect dtype inference of asarray([]) (#31732)
  • #31837: TYP: Fix np.ma.masked_array 2.5.0 regression
  • #31838: FIX: Refactor error handling in array_setstate to prevent typecode...
  • #31839: TST: xfail multithreaded BLAS test more generously
  • #31840: MAINT: Rename subroutine for crackfortran tests

... (truncated)

Commits
  • 5e1d03f Merge pull request #31863 from charris/prepare-2.5.1
  • ad0b66b REL: Prepare for the NumPy 2.5.1 release.
  • 9df8516 Merge pull request #31858 from charris/backport-31688
  • 4dee265 Merge pull request #31857 from charris/backport-31775
  • dc8d553 Merge pull request #31856 from charris/backport-31846
  • 67cb4a8 fix:Signed integer overflow in datetime.c (#31688)
  • baa2589 TST: Clean up imports, formatting, and assertions
  • 2fe5ba4 TEST: Refactor tests to use np.testing.assert_raises_regex per review
  • bb46581 MAINT: Remove deprecated Python recursion fix
  • 8f34214 MAINT: Move SeedSequence recursion guard to C-layer and add tests
  • Additional commits viewable in compare view

Updates plotly from 6.8.0 to 6.9.0

Release notes

Sourced from plotly's releases.

v6.9.0

Fixed

  • Raise a clear ValueError when an unsupported marginal plot type is passed to Plotly Express, instead of failing later with a cryptic 'NoneType' object has no attribute 'constructor' message [#5625], with thanks to @​eugen-goebel for the contribution!

Updated

  • Update plotly.js from version 3.6.0 to version 3.7.0. See the plotly.js release notes for more information [#5639]. Notable changes include:
    • Rename sendDataToCloud modebar button to sendChartToCloud, and update to upload chart to Plotly Cloud [#7802, #7852, #7854]. NOTE: The Plotly Cloud endpoint for receiving charts is not yet functional, so this button won't complete the upload.
    • Fix stale scattergl error bars after toggling traces with mixed error bar visibility [#7773], with thanks to @​JulienIcon for the contribution!
    • Fix geo fitbounds to choose a compact longitude range when point data straddles the antimeridian [#7837], with thanks to @​SharadhNaidu for the contribution!

Full Changelog: plotly/plotly.py@v6.8.0...v6.9.0

Changelog

Sourced from plotly's changelog.

[6.9.0] - 2026-07-09

Fixed

  • Raise a clear ValueError when an unsupported marginal plot type is passed to Plotly Express, instead of failing later with a cryptic 'NoneType' object has no attribute 'constructor' message [#5625], with thanks to @​eugen-goebel for the contribution!

Updated

  • Update plotly.js from version 3.6.0 to version 3.7.0. See the plotly.js release notes for more information [#5639]. Notable changes include:
    • Rename sendDataToCloud modebar button to sendChartToCloud, and update to upload chart to Plotly Cloud [#7802, #7852, #7854]. NOTE: The Plotly Cloud endpoint for receiving charts is not yet functional, so this button won't complete the upload.
    • Fix stale scattergl error bars after toggling traces with mixed error bar visibility [#7773], with thanks to @​JulienIcon for the contribution!
    • Fix geo fitbounds to choose a compact longitude range when point data straddles the antimeridian [#7837], with thanks to @​SharadhNaidu for the contribution!
Commits
  • 495134a update date
  • 2e824d8 version changes for v6.9.0
  • c27c986 Merge pull request #5639 from plotly/update-plotlyjs-3.7.0
  • 3d63d05 typos
  • fd7e3f1 update commands.py and CONTRIBUTING.md to reflect the fact that JS build arti...
  • 9a753fe update changelog
  • 4ff6656 update built JS artifacts
  • b3facc7 update plotly.js to v3.7.0
  • 5cdb606 Merge pull request #5630 from eugen-goebel/fix-marginal-error-message-spacing
  • 8d47808 Add missing space in unsupported-marginal error message
  • Additional commits viewable in compare view

Updates transformers from 5.12.1 to 5.13.1

Release notes

Sourced from transformers's releases.

Patch release v5.13.1

This patch is focused on enabling transformers for the latest release of vllm!

  • Be more defensive with remap_legacy_layer_types for custom models (#47245) from @​hmellor
  • Fix custom code which doesn't know about the new linear layer type names (#47174) from @​hmellor
  • Fix case where _LazyAutoMapping.register is passed a str key (#47148) from @​hmellor

Release v5.13.0

New Model additions

KimiK 2.5, 2.6, and 2.7

This release includes the architecture for Kimi 2.5 which is used by 2.5-2.7:

Kimi K2.5 is an open-source, native multimodal agentic model that advances practical capabilities in long-horizon coding, coding-driven design, proactive autonomous execution, and swarm-based task orchestration. The model was proposed in Kimi K2.5: Visual Agentic Intelligence and further improved in [Kimi K2.6: Advancing Open-Source Coding](https://github.com/huggingface/transformers/blob/HEAD/Kimi K2.5: Visual Agentic Intelligence).

Kimi K2.5 achieves significant improvements on complex, end-to-end coding tasks, generalizing robustly across programming languages (Rust, Go, Python) and domains spanning front-end, DevOps, and performance optimization. The model is capable of transforming simple prompts and visual inputs into production-ready interfaces and lightweight full-stack workflows, generating structured layouts, interactive elements, and rich animations with deliberate aesthetic precision.

Links: Documentation

MiMo-V2-Flash

MiMo-V2-Flash is a Mixture-of-Experts (MoE) language model developed by the Xiaomi MiMo team. Designed to establish a new balance between long-context modeling capabilities and inference efficiency, the model is built for strong performance in complex reasoning and agentic tasks. Trained on 27T tokens with native 32k sequence lengths, MiMo-V2-Flash seamlessly supports an extended 256K context window while significantly reducing KV-cache storage compared to standard global attention models.

Links: Documentation

Nemotron 3.5 ASR

Nemotron 3.5 ASR is a 600M-parameter multilingual speech recognition model from NVIDIA, built for high-quality transcription in both low-latency streaming and high-throughput batch settings, with native punctuation and capitalization. For streaming, it offers configurable chunk sizes—80ms, 160ms, 560ms, and 1120ms, letting users trade off latency against accuracy to suit their application. Its cache-aware FastConformer-RNNT architecture is central to this capability: unlike traditional buffered streaming, which repeatedly reprocesses overlapping audio windows, the model processes only each new incoming chunk while reusing cached encoder context from prior chunks. This eliminates redundant computation, significantly improves efficiency, and minimizes end-to-end delay without sacrificing accuracy, making it well suited to real-time transcription workloads.

Links: Documentation

NemotronAsrStreaming

Nemotron ASR Streaming is a 600M-parameter English speech recognition model from NVIDIA, built for high-quality transcription in both low-latency streaming and high-throughput batch settings, with native punctuation and capitalization. For streaming, it offers configurable chunk sizes—80ms, 160ms, 560ms, and 1120ms, letting users trade off latency against accuracy to suit their application. Its cache-aware FastConformer-RNNT architecture is central to this capability: unlike traditional buffered streaming, which repeatedly reprocesses overlapping audio windows, the model processes only each new incoming chunk while reusing cached encoder context from prior chunks. This eliminates redundant computation, significantly improves efficiency, and minimizes end-to-end delay without sacrificing accuracy, making it well suited to real-time transcription workloads.

Links: Documentation

... (truncated)

Commits

Updates python-keycloak from 5.8.0 to 7.1.1

Changelog

Sourced from python-keycloak's changelog.

v7.1.1 (2026-02-15)

Fix

  • uma: set requested resource ids correctly in permission ticket creation (#702)

v7.1.0 (2026-02-13)

Feat

  • decode token with all keys, added get client certificate info method (#704)

v7.0.3 (2026-01-28)

Fix

  • do not throw when processing signed userinfo response (#699)

v7.0.2 (2026-01-08)

Fix

  • Fix/python version and ci (#691)

v7.0.1 (2026-01-05)

Fix

  • python version

v7.0.0 (2026-01-04)

BREAKING CHANGE

  • this change introduces a very strong typing across the library. From now on, we demand that each method returns a single type and converts the results into the specified return type, otherwise it raises a TypeError exception. This should resolve any type checking linter errors within the library as well.

Fix

  • updated lockfile
  • pass along the default connection manager configuration into uma
  • dont override transport for httpx
  • pass query params in get groups
  • removed async property as a dependency
  • strong and consistent typing across the library

v6.0.0 (2025-12-28)

BREAKING CHANGE

  • changes the behavior of get_group_by_path to raise an exception in case the path is not found, which is now the definitive new behavior

... (truncated)

Commits
  • de25a9c fix(uma): set requested resource ids correctly in permission ticket creation ...
  • 9720e2d docs: changelog update
  • 98b9b24 feat: decode token with all keys, added get client certificate info method (#...
  • f5333a0 docs: changelog update
  • ce07157 fix: do not throw when processing signed userinfo response (#699)
  • 6580ac6 chore: updated deps
  • 2f6beb3 chore(typehints): fixup typehints for role parameter for add composites (#697)
  • 7e8184d chore: typehints (#696)
  • 5e3ee8d docs: changelog update
  • 8eca957 fix: Fix/python version and ci (#691)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 13, 2026
@dependabot dependabot Bot requested a review from a team as a code owner July 13, 2026 11:21
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 13, 2026
Bumps the python group with 3 updates in the /global-images/datascience directory: [numpy](https://github.com/numpy/numpy), [plotly](https://github.com/plotly/plotly.py) and [transformers](https://github.com/huggingface/transformers).
Bumps the python group with 1 update in the /scripts/init-realm directory: [python-keycloak](https://github.com/marcospereirampj/python-keycloak).


Updates `numpy` from 2.5.0 to 2.5.1
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.5.0...v2.5.1)

Updates `plotly` from 6.8.0 to 6.9.0
- [Release notes](https://github.com/plotly/plotly.py/releases)
- [Changelog](https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md)
- [Commits](plotly/plotly.py@v6.8.0...v6.9.0)

Updates `transformers` from 5.12.1 to 5.13.1
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v5.12.1...v5.13.1)

Updates `python-keycloak` from 5.8.0 to 7.1.1
- [Changelog](https://github.com/marcospereirampj/python-keycloak/blob/master/CHANGELOG.md)
- [Commits](marcospereirampj/python-keycloak@v5.8.0...v7.1.1)

---
updated-dependencies:
- dependency-name: numpy
  dependency-version: 2.5.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: plotly
  dependency-version: 6.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: python-keycloak
  dependency-version: 7.1.1
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python
- dependency-name: transformers
  dependency-version: 5.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot force-pushed the dependabot/pip/global-images/datascience/python-90f7e570af branch from 1a6e127 to 9ac2285 Compare July 15, 2026 14:15
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants