Bump the pip-dependencies group across 1 directory with 16 updates

[dependabot]

Updates the requirements on pandas, numpy, joblib, flake8, gitpython, scipy, matplotlib, astropy, astropy-iers-data, setuptools, plotly, requests, polars, pyarrow, pytest and ruff to permit the latest version.
Updates pandas to 2.3.3

Release notes

Sourced from pandas's releases.

Pandas 2.3.3

We are pleased to announce the release of pandas 2.3.3. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.3 supports Python 3.9 and higher, and is the first release to support Python 3.14.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

• 9c8bc3e RLS: 2.3.3
• 6aa788a [backport 2.3.x] DOC: prepare 2.3.3 whatsnew notes for release (#62499) (#62508)
• b64f0df [backport 2.3.x] BUG: avoid validation error for ufunc with string[python] ar...
• 058eb2b [backport 2.3.x] BUG: String[pyarrow] comparison with mixed object (#62424) (...
• 2ca088d [backport 2.3.x] DEPR: remove the Period resampling deprecation (#62480) (#62...
• 92bf98f [backport 2.3.x] BUG: fix .str.isdigit to honor unicode superscript for older...
• e57c7d6 Backport PR #62452 on branch 2.3.x (TST: Adjust tests for numexpr 2.13) (#62454)
• e0fe9a0 Backport to 2.3.x: REGR: from_records not initializing subclasses properly (#...
• 23a1085 BUG: improve future warning for boolean operations with missaligned indexes (...
• 6113696 Backport PR #62396 on branch 2.3.x (PKG/DOC: indicate Python 3.14 support in ...
• Additional commits viewable in compare view

Updates numpy to 2.2.6

Release notes

Sourced from numpy's releases.

v2.2.6 (May 17, 2025)

NumPy 2.2.6 Release Notes

NumPy 2.2.6 is a patch release that fixes bugs found after the 2.2.5 release. It is a mix of typing fixes/improvements as well as the normal bug fixes and some CI maintenance.

This release supports Python versions 3.10-3.13.

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Charles Harris
• Ilhan Polat
• Joren Hammudoglu
• Marco Gorelli +
• Matti Picus
• Nathan Goldbaum
• Peter Hawkins
• Sayed Adel

Pull requests merged

A total of 11 pull requests were merged for this release.

• #28778: MAINT: Prepare 2.2.x for further development
• #28851: BLD: Update vendor-meson to fix module_feature conflicts arguments...
• #28852: BUG: fix heap buffer overflow in np.strings.find
• #28853: TYP: fix NDArray[floating] + float return type
• #28864: BUG: fix stringdtype singleton thread safety
• #28865: MAINT: use OpenBLAS 0.3.29
• #28889: MAINT: from_dlpack thread safety fixes
• #28913: TYP: Fix non-existent CanIndex annotation in ndarray.setfield
• #28915: MAINT: Avoid dereferencing/strict aliasing warnings
• #28916: BUG: Fix missing check for PyErr_Occurred() in _pyarray_correlate.
• #28966: TYP: reject complex scalar types in ndarray.__ifloordiv__

Checksums

MD5

259343f056061f6eadb2f4b8999d06d4  numpy-2.2.6-cp310-cp310-macosx_10_9_x86_64.whl
16fa85488e149489ce7ee044d7b0d307  numpy-2.2.6-cp310-cp310-macosx_11_0_arm64.whl
f01b7aea9d2b76b1eeb49766e615d689  numpy-2.2.6-cp310-cp310-macosx_14_0_arm64.whl
f2ddc2b22517f6e31caa1372b12c2499  numpy-2.2.6-cp310-cp310-macosx_14_0_x86_64.whl
52190e22869884f0870eb3df7a283ca9  numpy-2.2.6-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
8f382b9ca6770db600edd5ea2447a925  numpy-2.2.6-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
e604aae2ef6e01fb92ecc39aca0424d9  numpy-2.2.6-cp310-cp310-musllinux_1_2_aarch64.whl

... (truncated)

Commits

• 2b686f6 Merge pull request #28980 from charris/prepare-2.2.6
• ed41828 REL: Prepare for the NumPy 2.2.6 release [wheel build]
• 83e4e7f Merge pull request #28966 from charris/backport-28958
• 248f0cb TYP: add rejection-tests for complex ndarray floordiv
• 5bad9da TYP: reject complex scalar types in ndarray.__ifloordiv__
• 6c42775 Merge pull request #28915 from charris/backport-28892
• 4277e7c Merge pull request #28916 from charris/backport-28898
• bd1c863 BUG: Fix missing check for PyErr_Occurred() in _pyarray_correlate. (#28898)
• 87d1d8a MAINT: Avoid dereferencing/strict aliasing warnings during complex casts in `...
• 9e50659 Merge pull request #28913 from charris/backport-28908
• Additional commits viewable in compare view

Updates joblib to 1.5.3

Changelog

Sourced from joblib's changelog.

Release 1.5.3 - 2025/12/15

• The Memory object won't overwrite an already existing .gitignore file in its cache directory anymore. joblib/joblib#1742

• Harden the safety checks in eval_expr(pre_dispatch) to prevent excessive memory allocation and potential crashes by limiting the allowed length of the expression and the maximum numeric value of sub-expressions and not evaluating expressions with non-numeric literals. joblib/joblib#1744

• Vendor cloudpickle 3.1.2 to fix a pickling problem with interactively defined abstract base classes and type annotations in Python 3.14+.

Release 1.5.2 - 2025/08/27

• Vendor loky3.5.6 fixing the resource tracker for python 3.13.7+ joblib/joblib#1740

Memory:

- Ensure that temporary files managed by the ``Memory`` object do not collide
  when using the same cache directory when the cache directory is accessed
  concurrently from different nodes on a cluster with a shared filesystem.
  https://github.com/joblib/joblib/pull/1656
Release 1.5.1 - 2025/05/23


Fix backend hints causing errors when no multiprocessing is present

joblib/joblib#1721


Vendor loky3.5.5 fixing the resource_tracker clean up with earlier Python

versions. joblib/joblib#1724


Release 1.5.0 -- 2025/05/03
Memory:

• Enforce age_limit is a positive timedelta for Memory.reduce_size, to avoid silently ignoring it. joblib/joblib#1613

• Remove deprecated bytes_limit argument for Memory, which should

... (truncated)

Commits

• 40cd002 RELEASE 1.5.3 (#1765)
• f05be67 MNT Remove last usage of distutils (#1760)
• 4273f39 MNT bump actions/checkout from 5 to 6 in the github-actions group (#1762)
• f465f02 FIX don't overwrite existing .gitignore (#1742)
• cca7d87 MNT bump sklearn test on python 3.12 (#1759)
• f7775ad MNT remove deprecated pytest feature (#1757)
• 3c58aab Add Python 3.14 and 3.14t to the testing (#1747)
• 9b96664 Bump cloudpickle to 3.1.2 (#1752)
• c3bdbd9 Bump the github-actions group with 5 updates (#1749)
• a09bb30 Keep GitHub Actions up to date with GitHub's Dependabot (#1748)
• Additional commits viewable in compare view

Updates flake8 to 7.3.0

Commits

• c48217e Release 7.3.0
• f9e0f33 Merge pull request #1986 from PyCQA/document-f542
• 6bcdb62 document F542
• 70a15b8 Merge pull request #1985 from PyCQA/upgrade-deps
• 4941a3e upgrade pyflakes / pycodestyle
• 23e4005 Merge pull request #1983 from PyCQA/py314
• 019424b add support for t-strings
• 6b6f3d5 Merge pull request #1980 from PyCQA/asottile-patch-1
• 8dfa669 add rtd sphinx config
• ce34111 Merge pull request #1976 from PyCQA/document-f824
• Additional commits viewable in compare view

Updates gitpython to 3.1.49

Release notes

Sourced from gitpython's releases.

3.1.49 - Security

What's Changed

• reject control chars in written values in configuration by @​Byron in gitpython-developers/GitPython#2137
• Improve pure Python rev-parse coverage and behavior by @​Copilot in gitpython-developers/GitPython#2136

Full Changelog: gitpython-developers/GitPython@3.1.48...3.1.49

Commits

• aee2fd5 bump version to 3.1.49
• 1c4ea96 Merge pull request #2136 from gitpython-developers/copilot/create-reproducing...
• 6cf7ac3 Address rev-parse review feedback
• b049a13 Merge pull request #2137 from gitpython-developers/fix-config-injection
• bdbdf4b Fix rev-parse CI issues
• d7ce6fc Improve pure Python rev-parse coverage and behavior (#2135)
• 8e24503 avoid duplicate validation in set_value
• c417af4 reject control chars in written values in configuration
• 5a15361 a new release with safer reference creation
• dbfa264 Merge pull request #2134 from gitpython-developers/validate-ref-creation
• Additional commits viewable in compare view

Updates scipy to 1.15.3

Release notes

Sourced from scipy's releases.

SciPy 1.15.3 Release Notes

SciPy 1.15.3 is a bug-fix release with no new features compared to 1.15.2.

For the complete issue and PR lists see the raw release notes.

Authors

• Name (commits)
• aiudirog (1) +
• Nickolai Belakovski (1)
• Florian Bourgey (1) +
• Richard Strong Bowen (2) +
• Jake Bowhay (1)
• Dietrich Brunn (2)
• Evgeni Burovski (1)
• Lucas Colley (1)
• Ralf Gommers (1)
• Saarthak Gupta (1) +
• Matt Haberland (4)
• Chengyu Han (1) +
• Lukas Huber (1) +
• Nick ODell (2)
• Ilhan Polat (4)
• Tyler Reddy (52)
• Neil Schemenauer (1) +
• Dan Schult (1)
• sildater (1) +
• Gagandeep Singh (4)
• Albert Steppi (2)
• Matthias Urlichs (1) +
• David Varela (1) +
• ਗਗਨਦੀਪ ਸਿੰਘ (Gagandeep Singh) (3)

A total of 24 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

Commits

• e29dcb6 REL: 1.15.3 rel commit [wheel build]
• 61e6aa1 Merge pull request #22840 from tylerjereddy/treddy_1.15.3_backports
• 18c4ca8 MAINT: PR 22840 wheel build [wheel build]
• bd0f132 MAINT: PR 22840 revisions
• 033b138 MAINT: PR 22840 revisions
• 7a283cc DOC: PR 22840 revisions
• 3d1ea40 BUG: spatial.HalfspaceIntersection: raise on non-feasible half space (#20035)
• d01b984 BUG: ndimage.median_filter: fix segfault when using mode='mirror' (#22608)
• 0879108 MAINT: special.logsumexp: fix bug when weight of largest magnitude component ...
• 9b3b2d8 Merge pull request #22869 from smurfix/main
• Additional commits viewable in compare view

Updates matplotlib to 3.10.9

Release notes

Sourced from matplotlib's releases.

v3.10.9

This is a micro release of the v3.10.x series. Highlights of this release include:

• Various minor bug and doc fixes
• Security hardening validation of cyclers - Removing eval usage
• Security hardening in Latex and PS calls - Removing shell escapes

Commits

• dd8d78b REL: v3.10.9
• 2fb1891 REL: Release prep v3.10.9
• d0e923a Merge branch 'v3.10.8-doc' into v3.10.x
• 1637932 Merge pull request #31558 from meeseeksmachine/auto-backport-of-pr-31556-on-v...
• a83faac Backport PR #31556: FIX: Inverted PyErr_Occurred check in enum type caster (_...
• a4f57ab Merge pull request #31545 from ksunden/backport-of-pr-31282-on-v3.10.x
• 063288d Merge pull request #31544 from ksunden/backport-of-pr-31248-on-v3.10.x
• b2ed196 Backport PR #31248: SEC: Remove eval() from validate_cycler
• acc6024 Merge pull request #31282 from scottshambaugh/tex_no_shell
• e3fb541 Merge pull request #31078 from meeseeksmachine/auto-backport-of-pr-31075-on-v...
• Additional commits viewable in compare view

Updates astropy to 6.1.7

Release notes

Sourced from astropy's releases.

v6.1.7

See https://docs.astropy.org/en/v6.1.7/changelog.html

Commits

• See full diff in compare view

Updates astropy-iers-data to 0.2026.4.27.1.3.2

Release notes

Sourced from astropy-iers-data's releases.

v0.2026.4.27.1.3.2

Full Changelog: astropy/astropy-iers-data@v0.2026.4.20.0.58.15...v0.2026.4.27.1.3.2

Commits

• 761792c Update IERS Earth rotation and leap second tables
• c6d4e8f Update IERS Earth rotation and leap second tables
• 4f3819e Update IERS Earth rotation and leap second tables
• ae05922 Update IERS Earth rotation and leap second tables
• d880985 Fix publish workflow
• f4a854d Merge pull request #58 from neutrinoceros/mnt/drop-third-party-create-release...
• fd7aee1 MNT: drop unneeded third-party GHA softprops/action-gh-release
• a18a83f Merge pull request #68 from astropy/dependabot/github_actions/dot-github/work...
• cf7cc00 Bump softprops/action-gh-release
• 272e73b Update IERS Earth rotation and leap second tables
• Additional commits viewable in compare view

Updates setuptools to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

• Fix the loading of launcher manifest.xml file. (#5047)
• Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

• Add advice about how to improve predictability when installing sdists. (#5168)

Misc

• #4941, #5157, #5169, #5175

v82.0.0

Deprecations and Removals

• pkg_resources has been removed from Setuptools. Most common uses of pkg_resources have been superseded by the importlib.resources <https://docs.python.org/3/library/importlib.resources.html>_ and importlib.metadata <https://docs.python.org/3/library/importlib.metadata.html>_ projects. Projects and environments relying on pkg_resources for namespace packages or other behavior should depend on older versions of setuptools. (#3085)

v81.0.0

Deprecations and Removals

• Removed support for the --dry-run parameter to setup.py. This one feature by its nature threads through lots of core and ancillary functionality, adding complexity and friction. Removal of this parameter will help decouple the compiler functionality from distutils and thus the eventual full integration of distutils. These changes do affect some class and function signatures, so any derivative functionality may require some compatibility shims to support their expected interface. Please report any issues to the Setuptools project for investigation. (#4872)

v80.10.2

Bugfixes

• Update vendored dependencies. (#5159)

Misc

... (truncated)

Commits

• 5a13876 Bump version: 82.0.0 → 82.0.1
• 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
• f9c37b2 Docs/CI: Fix intersphinx references (#5195)
• 8173db2 Docs: Fix intersphinx references
• 09bafbc Fix past tense on newsfragment
• 461ea56 Add news fragment
• c4ffe53 Avoid using (deprecated) 'json.version' in tests
• 749258b Cleanup pkg_resources dependencies and configuration (#5175)
• 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
• b809c86 Sync setuptools schema with validate-pyproject (#5157)
• Additional commits viewable in compare view

Updates plotly to 6.7.0

Release notes

Sourced from plotly's releases.

v6.7.0

Added

• Add facet_row support to px.imshow for creating subplots along an additional dimension [#5445], with thanks to @​FBumann for the contribution!

Fixed

• Update numpy.percentile syntax to stop using deprecated alias [#5483], with thanks to @​Mr-Neutr0n for the contribution!
  • numpy with a version less than 1.22 is no longer supported.
• Handle empty px.histogram by skipping None label in hover template [#5535], with thanks to @​tysoncung for the contribution!

Updated

• Update plotly.js from version 3.4.0 to version 3.5.0. See the plotly.js release notes for more information. [#5565]. Notable changes include:
  • Add hoveranywhere and clickanywhere layout attributes to enable emitting hover and click events anywhere in the plot area, not just over traces [#7707]
  • Add displayNotifier configuration property to set the display of notifier in the top right area of the viewport [#7730]
  • Update USA location lookup for scattergeo and choropleth traces to use both location names and abbreviations [#7731]

Changelog

Sourced from plotly's changelog.

[6.7.0] - 2026-04-09

Added

• Add facet_row support to px.imshow for creating subplots along an additional dimension [#5445], with thanks to @​FBumann for the contribution!

Fixed

• Update numpy.percentile syntax to stop using deprecated alias [#5483], with thanks to @​Mr-Neutr0n for the contribution!
  • numpy with a version less than 1.22 is no longer supported.
• Handle empty px.histogram by skipping None label in hover template [#5535], with thanks to @​tysoncung for the contribution!

Updated

• Update plotly.js from version 3.4.0 to version 3.5.0. See the plotly.js release notes for more information. [#5565]. Notable changes include:
  • Add hoveranywhere and clickanywhere layout attributes to enable emitting hover and click events anywhere in the plot area, not just over traces [#7707]
  • Add displayNotifier configuration property to set the display of notifier in the top right area of the viewport [#7730]
  • Update USA location lookup for scattergeo and choropleth traces to use both location names and abbreviations [#7731]

[6.6.0] - 2026-03-02

Fixed

• Remove unneeded type="text/javascript" attribute from <style> tag [#5454], with thanks to @​hannob for the contribution!
• Remove global warning format side effect [#5481], with thanks to @​emmanuel-ferdman for the contribution!
• Fix spurious engine deprecation warning in write_image [#5517], with thanks to @​mosh3eb for the contribution!

Updated

• Update plotly.js from version 3.3.1 to version 3.4.0. See the plotly.js release notes for more information. [#5527]. Notable changes include:
  • Add support for clicking legend titles to toggle visibility of all traces in legend [#7698]
  • Add support for shapes to reference multiple axes [#7666]
  • Add support for dashed marker lines in scatter plots [#7673]
  • Increase axis autorange when bar charts have outside text labels, to avoid labels being clipped [#7675]

[6.5.2] - 2026-01-14

Fixed

• Fix issue where pie trace legend, showlegend attributes don't accept array values [#5464 and #5465], with thanks to @​my-tien for the contribution!

[6.5.1] - 2026-01-07

Fixed

• Fix issue where Plotly Express ignored trace-specific color sequences defined in templates via template.data.<trace_type> [#5437], with thanks to @​antonymilne for the contribution!

Updated

• Speed up validate_gantt function [#5386], with thanks to @​misrasaurabh1 for the contribution!
• Update plotly.js from version 3.3.0 to version 3.3.1. See the plotly.js release notes for more information. [#5456]. Notable changes include:
  • Add support for arrays for the pie properties showlegend and legend, so that these can be configured per slice. [#7580]

[6.5.0] - 2025-11-17

Updated

• Update plotly.js from version 3.2.0 to version 3.3.0. See the plotly.js release notes for more information. [#5421]. Notable changes include:
  • Add hovertemplate for candlestick and ohlc traces [#7619]

... (truncated)

Commits

• 1a2065a Add missing attributions
• 8422e17 Add missing octothorpes
• fa9116f Update Jupyter Lab extension files
• c771ad5 Version changes for v6.7.0
• 067b954 Merge pull request #5565 from plotly/cam/update-plotly.js-v3.5.0
• 1b7de49 Update Jupyter support files
• d605d3e chore: Update plotly.js to v3.5.0
• 600f865 Merge pull request #5541 from plotly/migrate-to-gh-actions
• 10c7c56 Merge pull request #5518 from mosh3eb/fix/broken-license-link-readme
• ea813dd Merge branch 'main' into fix/broken-license-link-readme
• Additional commits viewable in compare view

Updates requests to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

2.32.5 (2025-08-18)

Bugfixes

• The SSLContext caching feature originally introduced in 2.32.0 has created a new class of issues in Requests that have had negative impact across a number of use cases. The Requests team has decided to revert this feature as long term maintenance of it is proving to be unsustainable in its current iteration.

Deprecations

• Added support for Python 3.14.

... (truncated)

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• bc04dfd v2.33.0
• 66d21cb Merge commit from fork
• 8b9bc8f Move badges to top of README (#7293)
• e331a28 Remove unused extraction call (#7292)
• Additional commits viewable in compare view

Updates polars to 1.40.1

Release notes

Sourced from polars's releases.

Python Polars 1.40.1

🚀 Performance improvements

• Skip validity mask processing in __array_ufunc__ when no inputs have nulls (#27358)

✨ Enhancements

• Cargo deny (#27363)
• Add maintain_order parameter to merge_sorted (#27263)

🐞 Bug fixes

• Honor having predicate in GroupBy iter (#27370)
• Use the physical dtype for NumUnorderedImplodeReducer arrow ListArray (#27375)
• Address bug in reduce_balanced for certain input length lists affecting pl.concat (#27352)
• Ensure list.sample() allows fraction > 1 when with_replacement=True (#27350)
• Ensure append() errors when upcast=False (#27346)
• Always rechunk sorts, prune sorts even in eager execution (#27356)
• Fix typing for DataFrame.__init__ and Series.__init__ so they don't require all optional dependencies to be installed (#27348)

📖 Documentation

• Split out openlineage docs into guide and configuration (#27371)
• Add explanation on the observatory sqlite db file (#27354)

🛠️ Other improvements

• Disable mypy type checking for pyarrow calls (#27377)
• Disable debug symbols in macos coverage tests (#27361)
• Cargo deny (#27363)

Thank you to all our contributors for making this release possible! @​EndPositive, @​Kevin-Patyk, @​MarcoGorelli, @​carnarez, @​dsprenkels, @​gab23r, @​jonathanchang31, @​kdn36, @​mzjp2 and @​ritchie46

Commits

• 344a0ea Python Polars 1.40.1 (#27381)
• 4856eb3 fix: Honor having predicate in GroupBy iter (#27370)
• f992305 chore(python): Disable mypy type checking for pyarrow calls (#27377)
• 17f9074 chore: Disable debug symbols in macos coverage tests (#27361)
• 44948d3 fix: Use the physical dtype for NumUnorderedImplodeReducer arrow `ListArray...
• 6bb1cf8 fix(python): Address bug in reduce_balanced for certain input length lists ...
• fb70396 docs: Split out openlineage docs into guide and configuration (#27371)
• 2436421 fix: Ensure list.sample() allows fraction > 1 when `with_replacement=True...
• 21f150f ci(rust): Cargo deny (#27363)
• dd9be47 perf: Skip validity mask processing in array_ufunc when no inputs have nu...
• Additional commits viewable in compare view

Updates pyarrow to 24.0.0

Release notes

Sourced from pyarrow's releases.

Apache Arrow 24.0.0

Release Notes URL: https://arrow.apache.org/release/24.0.0.html

Commits

• 31b4b6c MINOR: [Release] Update versions for 24.0.0
• 06dbc17 MINOR: [Release] Update .deb/.rpm changelogs for 24.0.0
• a021d80 MINOR: [Release] Update CHANGELOG.md for 24.0.0
• 2d6b12c GH-49716: [C++] FixedShapeTensorType::Deserialize should strictly validate se...
• a74cb6a GH-49697: [C++][CI] Check IPC file body bounds are in sync with decoder outco...
• 871a0c6 GH-49676: [Python][Packaging] Fix gRPC docker image layer being too big for h...
• f9203b3 GH-49586: [C++][CI] StructToStructSubset test failure with libc++ 22.1.1 (#49...
• fe298b4 GH-49628: [Python][Interchange protocol] Suppress warnings for pandas 4.0.0 a...
• 1f94910 GH-49252: [GLib] Deprecate Feather features (#49673)
• 5ba5c3c GH-49671: [CI][Docs] Don't run jobs for push by Dependabot (#49672)
• Additional commits viewable in compare view

Updates pytest to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

Commits