Bump the python-packages group with 5 updates

[dependabot]

Bumps the python-packages group with 5 updates:

Package	From	To
db-dtypes	1.4.4	1.5.0
duckdb	1.4.4	1.5.0
pandas	3.0.1	2.3.3
filelock	3.25.0	3.25.1
ruff	0.15.4	0.15.5

Updates db-dtypes from 1.4.4 to 1.5.0

Release notes

Sourced from db-dtypes's releases.

db-dtypes 1.5.0

1.5.0 (2025-12-15)

Features

• Add support for Python 3.14 (#380) (c164a47b)

Changelog

Sourced from db-dtypes's changelog.

1.5.0 (2025-12-15)

Features

• Add support for Python 3.14 (#380) (c164a47be909203606cf982d6f0becc6c8efdb09)

Commits

• 58dc6fd chore: librarian release pull request: 20251215T132415Z (#382)
• c164a47 feat: Add support for Python 3.14 (#380)
• 5163c1c chore(tests): run unit tests after merge (#378)
• 86c0308 chore(librarian): update sha to support librarian 1.0.0 (#376)
• bd5a4c7 chore(librarian): onboard to librarian (#374)
• See full diff in compare view

Updates duckdb from 1.4.4 to 1.5.0

Release notes

Sourced from duckdb's releases.

DuckDB Python 1.5.0 "Variegata"

This is the 1.5.0 release of DuckDB's Python bindings. For a list of changes in DuckDB core, have a look at the DuckDB release notes and the blogpost.

Breaking Changes

• Dropped Python 3.9 support. The minimum supported version is now Python 3.10.
• Removed deprecated duckdb.typing and duckdb.functional modules. These were deprecated in 1.4.0. Use duckdb.sqltypes and duckdb.func instead.
• Renamed column parameter to expression in relational API functions (e.g., min, max, sum, mean, etc.) to better reflect that these accept expressions, not just column names.
• Deprecated fetch_arrow_table() and fetch_record_batch() on connections and relations. Use the new to_arrow_table() and to_arrow_reader() methods instead.

New Features

• Polars LazyFrame projection and filter pushdown. DuckDB can now push down projections and filters when scanning Polars LazyFrames, including support for cast nodes and unstrict casts.
• Polars Int128 / UInt128 support.
• VARIANT type support — Python conversion, NumPy array wrapping, and type stubs.
• TIME_NS type support — nanosecond-precision time values across Python, NumPy, and Spark type systems.
• Profiling API — new get_profiling_info() and get_profiling_json() methods on connections, plus a refactored query_graph module with improved HTML visualization (dark mode, expandable phases, depth).
• to_arrow_table() and to_arrow_reader() — new methods on connections and relations as the preferred Arrow export API.

Performance

• __arrow_c_stream__ on relations — relations now export via the Arrow PyCapsule interface using PhysicalArrowCollector for zero-copy streaming.
• Unified Arrow stream scanning via __arrow_c_stream__, with filter pushdown only when pyarrow is present.
• Arrow schema caching to avoid repeated lookups during scanning.
• Arrow object type caching to avoid repeated detection.
• Empty params treated as None for .sql() — avoids unnecessary parameter binding overhead.
• Simplified GIL management for FetchRow.

Bug Fixes

• Fixed Python object leak in scalar UDFs — PyObject_CallObject return values are now properly stolen to avoid reference count leaks.
• Fixed reference cycle between connections and relations that could prevent garbage collection.
• Relations now hold a reference to their connection, preventing premature connection closure.
• Fixed fsspec race condition in the Python filesystem implementation.
• Fixed numeric conversion logic — improved handling of large integers (fallback to VARCHAR) and UNION types.
• pyarrow.dataset import is now optional — no longer fails if pyarrow is installed without the dataset module.
• Thrown a reasonable error when an Arrow array stream has already been consumed.

Build & Packaging

• jemalloc enabled on Linux x86_64 only (aligned with DuckDB core), removed as a separately bundled extension.
• MSVC runtime linked statically on Windows — eliminates the VS2019 workaround from duckdb/duckdb#17991.

Commits

• 87e7928 pin release
• a85f289 [duckdb-labs bot] Bump DuckDB submodule (#365)
• e0ebd50 Bump submodule
• 2955da9 [duckdb-labs bot] Bump DuckDB submodule (#360)
• 7ca17e5 Bump submodule
• fb7cee8 Pin submodule to release hash
• 6b092b0 [duckdb-labs bot] Bump DuckDB submodule (#355)
• 3e7a6d3 Bump submodule
• 55013e1 Allow strict casts of literals only in polars lazyframe pushdown (#348)
• b8d19d0 Fix failing tests
• Additional commits viewable in compare view

Updates pandas from 3.0.1 to 2.3.3

Commits

• 9c8bc3e RLS: 2.3.3
• 6aa788a [backport 2.3.x] DOC: prepare 2.3.3 whatsnew notes for release (#62499) (#62508)
• b64f0df [backport 2.3.x] BUG: avoid validation error for ufunc with string[python] ar...
• 058eb2b [backport 2.3.x] BUG: String[pyarrow] comparison with mixed object (#62424) (...
• 2ca088d [backport 2.3.x] DEPR: remove the Period resampling deprecation (#62480) (#62...
• 92bf98f [backport 2.3.x] BUG: fix .str.isdigit to honor unicode superscript for older...
• e57c7d6 Backport PR #62452 on branch 2.3.x (TST: Adjust tests for numexpr 2.13) (#62454)
• e0fe9a0 Backport to 2.3.x: REGR: from_records not initializing subclasses properly (#...
• 23a1085 BUG: improve future warning for boolean operations with missaligned indexes (...
• 6113696 Backport PR #62396 on branch 2.3.x (PKG/DOC: indicate Python 3.14 support in ...
• Additional commits viewable in compare view

Updates filelock from 3.25.0 to 3.25.1

Release notes

Sourced from filelock's releases.

3.25.1

What's Changed

• 📝 docs(logo): add branded project logo by @​gaborbernat in tox-dev/filelock#507
• 🐛 fix(win): restore best-effort lock file cleanup on release by @​gaborbernat in tox-dev/filelock#511

Full Changelog: tox-dev/filelock@3.25.0...3.25.1

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.25.1 (2026-03-09)

---

• [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
• 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511
• [pre-commit.ci] pre-commit autoupdate :pr:508 - by :user:pre-commit-ci[bot]
• 📝 docs(logo): add branded project logo :pr:507

---

3.25.0 (2026-03-01)

---

• ✨ feat(async): add AsyncReadWriteLock :pr:506
• Standardize .github files to .yaml suffix
• build(deps): bump actions/download-artifact from 7 to 8 :pr:503 - by :user:dependabot[bot]
• build(deps): bump actions/upload-artifact from 6 to 7 :pr:502 - by :user:dependabot[bot]
• Move SECURITY.md to .github/SECURITY.md
• Add security policy
• Add permissions to check workflow :pr:500
• [pre-commit.ci] pre-commit autoupdate :pr:499 - by :user:pre-commit-ci[bot]

---

3.24.3 (2026-02-19)

---

• 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:495
• 🐛 fix(ci): add trailing blank line after changelog entries :pr:492

---

3.24.2 (2026-02-16)

---

• 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:491
• 🐛 fix(test): resolve flaky write non-starvation test :pr:490
• 📝 docs: restructure using Diataxis framework :pr:489

---

3.24.1 (2026-02-15)

---

• 🐛 fix(soft): resolve Windows deadlock and test race condition :pr:488

---

3.24.0 (2026-02-14)

---

... (truncated)

Commits

• d8b04b5 Release 3.25.1
• 0633386 [pre-commit.ci] pre-commit autoupdate (#510)
• 7f2247d 🐛 fix(win): restore best-effort lock file cleanup on release (#511)
• 5ae1c4e [pre-commit.ci] pre-commit autoupdate (#508)
• bcffcfe 📝 docs(logo): add branded project logo (#507)
• See full diff in compare view

Updates ruff from 0.15.4 to 0.15.5

Release notes

Sourced from ruff's releases.

0.15.5

Release Notes

Released on 2026-03-05.

Preview features

• Discover Markdown files by default in preview mode (#23434)
• [perflint] Extend PERF102 to comprehensions and generators (#23473)
• [refurb] Fix FURB101 and FURB103 false positives when I/O variable is used later (#23542)
• [ruff] Add fix for none-not-at-end-of-union (RUF036) (#22829)
• [ruff] Fix false positive for re.split with empty string pattern (RUF055) (#23634)

Bug fixes

• [fastapi] Handle callable class dependencies with __call__ method (FAST003) (#23553)
• [pydocstyle] Fix numpy section ordering (D420) (#23685)
• [pyflakes] Fix false positive for names shadowing re-exports (F811) (#23356)
• [pyupgrade] Avoid inserting redundant None elements in UP045 (#23459)

Documentation

• Document extension mapping for Markdown code formatting (#23574)
• Update default Python version examples (#23605)

Other changes

• Publish releases to Astral mirror (#23616)

Contributors

• @​amyreese
• @​stakeswky
• @​chirizxc
• @​anishgirianish
• @​bxff
• @​zsol
• @​charliermarsh
• @​ntBre
• @​kar-ganap

Install ruff 0.15.5

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.5/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.5

Released on 2026-03-05.

Preview features

• Discover Markdown files by default in preview mode (#23434)
• [perflint] Extend PERF102 to comprehensions and generators (#23473)
• [refurb] Fix FURB101 and FURB103 false positives when I/O variable is used later (#23542)
• [ruff] Add fix for none-not-at-end-of-union (RUF036) (#22829)
• [ruff] Fix false positive for re.split with empty string pattern (RUF055) (#23634)

Bug fixes

• [fastapi] Handle callable class dependencies with __call__ method (FAST003) (#23553)
• [pydocstyle] Fix numpy section ordering (D420) (#23685)
• [pyflakes] Fix false positive for names shadowing re-exports (F811) (#23356)
• [pyupgrade] Avoid inserting redundant None elements in UP045 (#23459)

Documentation

• Document extension mapping for Markdown code formatting (#23574)
• Update default Python version examples (#23605)

Other changes

• Publish releases to Astral mirror (#23616)

Contributors

• @​amyreese
• @​stakeswky
• @​chirizxc
• @​anishgirianish
• @​bxff
• @​zsol
• @​charliermarsh
• @​ntBre
• @​kar-ganap

Commits

• 5e4a3d9 Bump 0.15.5 (#23743)
• 69c23cc [ty] Render all changed diagnostics in conformance.py (#23613)
• 4926bd5 [ty] Split deferred checks out of types/infer/builder.rs (#23740)
• 9a70f5e Discover markdown files by default in preview mode (#23434)
• 3dc78b0 [ty] Use HasOptionalDefinition for except handlers (#23739)
• a6a5e8d [ty] Fix precedence of all selector in TOML configurations (#23723)
• 2a5384b [ty] Make all selector case sensitive (#23713)
• db77d7b [ty] Add a diagnostic if a TypeVar is used to specialize a ParamSpec, or ...
• db28490 [ty] Override home directory in ty tests (#23724)
• 5f0fd91 [ty] More type-variable default validation (#23639)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Updates core Python deps: duckdb to 1.5.0, db-dtypes to 1.5.0, pandas to 2.3.3, filelock to 3.25.1, and ruff to 0.15.5. Notable: DuckDB 1.5 has breaking changes; pandas aligns to 2.3 and adds pytz in the lock.

• Dependencies

  • duckdb 1.5.0: drops Python 3.9; removes duckdb.typing/duckdb.functional; adds to_arrow_table()/to_arrow_reader(); relational API renames column→expression.
  • pandas 2.3.3: stability fixes; lock adds pytz.
  • db-dtypes 1.5.0: Python 3.14 support.
  • filelock 3.25.1: Windows lock-file cleanup fix.
  • ruff 0.15.5: lint rule fixes and minor updates.

• Migration

  • Ensure Python >= 3.10 for duckdb 1.5.
  • Replace imports: duckdb.typing→duckdb.sqltypes, duckdb.functional→duckdb.func.
  • Switch Arrow exports to to_arrow_table()/to_arrow_reader().
  • Update uses of named param column to expression in DuckDB relational calls.
  • Verify code against pandas 2.x APIs; ensure pytz is available in deploys.

^{Written for commit 6c417b7. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 1 file

Architecture diagram

sequenceDiagram
    participant App as Python Application
    participant FL as filelock (3.25.1)
    participant DDB as DuckDB (1.5.0)
    participant Data as Pandas/Arrow
    participant FS as File System

    Note over App, FS: Runtime Interaction Changes (Dependency Upgrades)

    rect rgb(30, 41, 59)
    Note right of FL: Concurrency Control
    App->>FL: acquire() lock
    FL->>FS: Open/Lock file
    FL-->>App: Lock granted
    Note over FL, FS: CHANGED: Improved best-effort cleanup on Windows
    end

    rect rgb(23, 37, 84)
    Note right of DDB: Database Operations
    App->>DDB: sql("SELECT ...")
    DDB-->>App: Relation Object

    App->>DDB: CHANGED: aggregate(expression="col_name")
    Note right of DDB: Param 'column' renamed to 'expression'

    alt Arrow Export (Modern)
        App->>DDB: NEW: to_arrow_table()
        DDB->>Data: NEW: __arrow_c_stream__ (PyCapsule)
        Note over DDB, Data: Zero-copy streaming via PhysicalArrowCollector
        Data-->>App: Arrow Table
    else Arrow Export (Legacy)
        App->>DDB: CHANGED: fetch_arrow_table()
        Note right of App: Deprecated in v1.5.0
        DDB-->>App: Arrow Table
    end
    end

    rect rgb(5, 46, 22)
    Note right of Data: Data Processing
    App->>Data: Convert to DataFrame
    Note over Data: CHANGED: Pandas 2.3.3 / db-dtypes 1.5.0
    Data-->>App: Results
    end

    App->>FL: release()
    FL->>FS: CHANGED: Lock file cleanup (Windows fix)

Loading

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml