Bump the python-production group across 1 directory with 9 updates

[dependabot]

Bumps the python-production group with 9 updates in the / directory:

Package	From	To
dill	0.3.9	0.4.0
numpy	2.2.3	2.3.3
pandas	2.2.3	2.3.3
pyarrow	19.0.1	21.0.0
pyyaml	6.0.2	6.0.3
scipy	1.15.2	1.16.2
shapely	2.0.7	2.1.2
sql-metadata	2.15.0	2.17.0
sqlalchemy	2.0.38	2.0.44

Updates dill from 0.3.9 to 0.4.0

Commits

• 16eb90b tag: 0.4.0
• cd7a5a8 Bump jinja2 from 3.1.5 to 3.1.6 in /docs (#705)
• 0717bd1 move travis build of 3.9 to focal (#708)
• 599265e fix CodeType support for PyPy3.11 7.3.19+ (#707)
• acc49cf update docs requirements; CI for pypy3.11 (#702)
• a3d129f support pypy-3.11 (#701)
• 7f678e7 Bump jinja2 from 3.1.4 to 3.1.5 in /docs (#695)
• 5adb444 updated copyright for 2025 (#696)
• c8b8c57 fix typo in requirements (#693)
• e3c85c8 Bump starlette from 0.37.2 to 0.40.0 in /docs (#686)
• Additional commits viewable in compare view

Updates numpy from 2.2.3 to 2.3.3

Release notes

Sourced from numpy's releases.

2.3.3 (Sep 9, 2025)

NumPy 2.3.3 Release Notes

The NumPy 2.3.3 release is a patch release split between a number of maintenance updates and bug fixes. This release supports Python versions 3.11-3.14. Note that the 3.14.0 final is currently expected in Oct, 2025. This release is based on 3.14.0rc2.

Contributors

A total of 13 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Aleksandr A. Voyt +
• Bernard Roesler +
• Charles Harris
• Hunter Hogan +
• Joren Hammudoglu
• Maanas Arora
• Matti Picus
• Nathan Goldbaum
• Raghuveer Devulapalli
• Sanjay Kumar Sakamuri Kamalakar +
• Tobias Markus +
• Warren Weckesser
• Zebreus +

Pull requests merged

A total of 23 pull requests were merged for this release.

• #29440: MAINT: Prepare 2.3.x for further development.
• #29446: BUG: Fix test_configtool_pkgconfigdir to resolve PKG_CONFIG_DIR...
• #29447: BLD: allow targeting webassembly without emscripten
• #29460: MAINT: Backport write_release.py
• #29473: MAINT: Bump pypa/cibuildwheel from 3.1.0 to 3.1.2
• #29500: BUG: Always return a real dtype from linalg.cond (gh-18304) (#29333)
• #29501: MAINT: Add .file entry to all .s SVML files
• #29556: BUG: Casting from one timedelta64 to another didn't handle NAT.
• #29562: BLD: update vendored Meson to 1.8.3 [wheel build]
• #29563: BUG: Fix metadata not roundtripping when pickling datetime (#29555)
• #29587: TST: update link and version for Intel SDE download
• #29593: TYP: add sorted kwarg to unique
• #29672: MAINT: Update pythoncapi-compat from main.
• #29673: MAINT: Update cibuildwheel.
• #29674: MAINT: Fix typo in wheels.yml
• #29683: BUG, BLD: Correct regex for ppc64 VSX3/VSX4 feature detection
• #29684: TYP: ndarray.fill() takes no keyword arguments
• #29685: BUG: avoid thread-unsafe refcount check in temp elision
• #29687: CI: replace comment-hider action in mypy_primer workflow

... (truncated)

Commits

• f2a77a7 Merge pull request #29702 from charris/prepare-2.3.3
• 8641006 REL: Prepare for the NumPy 2.3.3 release [wheel build]
• f024265 Merge pull request #29701 from charris/backport-29697
• 84f2eed Merge pull request #29700 from charris/backport-29695
• 7cacdbf Update VXE and VXE2 detection regex patterns
• 028c469 TYP: appease ruff
• 4b80666 TYP: fix np.bool method declarations
• f2a6b75 Merge pull request #29691 from charris/backport-29665
• a707cbf Merge pull request #29689 from charris/backport-29662
• 3d66056 BUG: use correct input dtype in flatiter assignment
• Additional commits viewable in compare view

Updates pandas from 2.2.3 to 2.3.3

Release notes

Sourced from pandas's releases.

Pandas 2.3.3

We are pleased to announce the release of pandas 2.3.3. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.3 supports Python 3.9 and higher, and is the first release to support Python 3.14.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Pandas 2.3.2

We are pleased to announce the release of pandas 2.3.2. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.2 supports Python 3.9 and higher.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Pandas 2.3.1

We are pleased to announce the release of pandas 2.3.1. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.1 supports Python 3.9 and higher.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

... (truncated)

Commits

• 9c8bc3e RLS: 2.3.3
• 6aa788a [backport 2.3.x] DOC: prepare 2.3.3 whatsnew notes for release (#62499) (#62508)
• b64f0df [backport 2.3.x] BUG: avoid validation error for ufunc with string[python] ar...
• 058eb2b [backport 2.3.x] BUG: String[pyarrow] comparison with mixed object (#62424) (...
• 2ca088d [backport 2.3.x] DEPR: remove the Period resampling deprecation (#62480) (#62...
• 92bf98f [backport 2.3.x] BUG: fix .str.isdigit to honor unicode superscript for older...
• e57c7d6 Backport PR #62452 on branch 2.3.x (TST: Adjust tests for numexpr 2.13) (#62454)
• e0fe9a0 Backport to 2.3.x: REGR: from_records not initializing subclasses properly (#...
• 23a1085 BUG: improve future warning for boolean operations with missaligned indexes (...
• 6113696 Backport PR #62396 on branch 2.3.x (PKG/DOC: indicate Python 3.14 support in ...
• Additional commits viewable in compare view

Updates pyarrow from 19.0.1 to 21.0.0

Release notes

Sourced from pyarrow's releases.

Apache Arrow 21.0.0

Release Notes URL: https://arrow.apache.org/release/21.0.0.html

Apache Arrow 21.0.0 RC6

Release Notes: Release Candidate: 21.0.0 RC6

Apache Arrow 21.0.0 RC5

Release Notes: Release Candidate: 21.0.0 RC5

Apache Arrow 21.0.0 RC4

Release Notes: Release Candidate: 21.0.0 RC4

Apache Arrow 21.0.0 RC3

Release Notes: Release Candidate: 21.0.0 RC3

Apache Arrow 21.0.0 RC2

Release Notes: Release Candidate: 21.0.0 RC2

Apache Arrow 20.0.0

Release Notes URL: https://arrow.apache.org/release/20.0.0.html

Apache Arrow 20.0.0 RC2

Release Notes: Release Candidate: 20.0.0 RC2

Apache Arrow 20.0.0 RC1

Release Notes: Release Candidate: 20.0.0 RC1

Apache Arrow 20.0.0 RC0

Release Notes: Release Candidate: 20.0.0 RC0

Commits

• ee4d09e MINOR: [Release] Update versions for 21.0.0
• f13a579 MINOR: [Release] Update .deb/.rpm changelogs for 21.0.0
• 6fd2a16 MINOR: [Release] Update CHANGELOG.md for 21.0.0
• cf261bf GH-47078: [Release] Ensure using cloned apache/arrow for reproducible check (...
• ddbc3dc GH-47074: [Release] Use reproducible mtime for csharp/ in source archive (#47...
• 0534eb2 GH-47071: [Release] Dereference all hard links in source archive (#47072)
• f845b41 GH-47069: [Release] Add missing "needs: target" (#47070)
• 1c08f8e GH-47067: [Release] Fix wrong GitHub Actions context in verify_rc.yml (#47068)
• 70e5c51 GH-47065: [Release] Fix timeout key in verify_rc.yml (#47066)
• 254a85c GH-47063: [Release] Define missing RELEASE_TARBALL (#47064)
• Additional commits viewable in compare view

Updates pyyaml from 6.0.2 to 6.0.3

Release notes

Sourced from pyyaml's releases.

6.0.3

What's Changed

• Support for Python 3.14 and free-threading (experimental).

Full Changelog: yaml/pyyaml@6.0.2...6.0.3

Changelog

Sourced from pyyaml's changelog.

6.0.3 (2025-09-25)

• yaml/pyyaml#864 -- Support for Python 3.14 and free-threading (experimental)

Commits

• 49790e7 Release 6.0.3 (#889)
• See full diff in compare view

Updates scipy from 1.15.2 to 1.16.2

Release notes

Sourced from scipy's releases.

SciPy 1.16.2 Release Notes

SciPy 1.16.2 is a bug-fix release with no new features compared to 1.16.1. This is the first stable release of SciPy to provide Windows on ARM wheels on PyPI.

Authors

• Name (commits)
• Dietrich Brunn (1)
• Ralf Gommers (6)
• Adam Jones (1)
• Gleb Khmyznikov (1) +
• Jost Migenda (1) +
• newyork_loki (1)
• Nick ODell (3)
• Dimitri Papadopoulos Orfanos (1)
• Ilhan Polat (2)
• Tyler Reddy (26)
• Mugunthan Selvanayagam (1) +
• Shuhei Watanabe (1) +

A total of 12 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

The full issue and pull request lists, and the release asset hashes are available in the associated README.txt file.

SciPy 1.16.1 Release Notes

SciPy 1.16.1 is a bug-fix release that adds support for Python 3.14.0rc1, including PyPI wheels.

Authors

• Name (commits)
• Evgeni Burovski (1)
• Rob Falck (1)
• Ralf Gommers (7)
• Geoffrey Gunter (1) +
• Matt Haberland (2)
• Joren Hammudoglu (1)
• Andrew Nelson (2)
• newyork_loki (1) +
• Ilhan Polat (1)

... (truncated)

Commits

• b1296b9 REL: 1.16.2 release commit [wheel build]
• e0ef26f Merge pull request #23543 from tylerjereddy/treddy_backports_1.16.2
• 959fc7c CI: PR 23543 revisions [wheel build]
• 01c9517 TST: PR 23543 revisions
• c3f4323 DOC, MAINT: PR 23543 revisions
• 381549e BUG: fix memory leaks in optimize.nnls and linalg.sqrtm (#23563)
• 3f48506 CI: pin scikit-umfpack to 0.3.3 to avoid failures, 0.4.2 is broken. (#23576)
• f1c648a TST: PR 23543 revisions
• 963a466 CI: bump OpenBLAS version to latest release (0.3.29.265.1)
• 57c0b27 BUG: PR 23543 revisions
• Additional commits viewable in compare view

Updates shapely from 2.0.7 to 2.1.2

Release notes

Sourced from shapely's releases.

2.1.2

Wheels are available for Python 3.14 (and still include GEOS 3.13.1).

2.1.1

Bug fixes:

• Fix performance degradation calling shapely functions (caused by deprecation of certain positional arguments) (#2283).
• Fix crash caused by from_ragged_array() (#2291).
• Fix compilation error building with recent LLVM toolchain (#2293).

For a full changelog , see https://shapely.readthedocs.io/en/latest/release/2.x.html#version-2-1-1

2.1.0

Shapely 2.1.0 is a feature release with various new functions, improvements and bug fixes. Highlights include initial support for geometries with M or ZM values, functionality for coverage validation and simplification, and a set of new top-level functions.

Shapely supports Python >= 3.10, and binary wheels on PyPI include GEOS 3.13.1 and are now also provided for musllinux (Alpine) x86_64 platforms.

For a full changelog, see https://shapely.readthedocs.io/en/latest/release/2.x.html#version-2-1-0

2.1.0rc1

Shapely version 2.1.0 is a major release featuring various new functions, improvements and bug fixes. This is a first release candidate.

For a full changelog, see https://shapely.readthedocs.io/en/latest/release/2.x.html#version-2-1-0-unreleased

Changelog

Sourced from shapely's changelog.

2.1.2 (2025-09-24)

Wheels are available for Python 3.14 (and still include GEOS 3.13.1).

2.1.1 (2025-05-19)

Bug fixes:

• Fix performance degradation calling shapely functions (caused by deprecation of certain positional arguments) (#2283).
• Fix crash caused by from_ragged_array() (#2291).
• Fix compilation error building with recent LLVM toolchain (#2293).

2.1.0 (2025-04-03)

Shapely 2.1.0 is a feature release with various new functions, improvements and bug fixes. Highlights include initial support for geometries with M or ZM values, functionality for coverage validation and simplification, and a set of new top-level functions.

Shapely supports Python >= 3.10, and binary wheels on PyPI include GEOS 3.13.1 and are now also provided for musllinux (Alpine) x86_64 platforms.

For a full changelog, see https://shapely.readthedocs.io/en/latest/release/2.x.html#version-2-1-0

Commits

• 5fb639d RLS: 2.1.2
• 70509a1 DOC/RLS: indicate Python 3.14 support in pyproject.toml and release notes for...
• 5c572b6 CI: add testing with GEOS 3.14 and Python 3.14 (#2330)
• a909333 Bump pypa/cibuildwheel from 3.1.3 to 3.2.0 (#2328)
• 2086d44 Bump actions/setup-python from 5 to 6 (#2326)
• 50c1cf3 Bump actions/download-artifact from 4 to 5 (#2321)
• 39490ab TST: update test_coverage_union_overlapping_inputs for upstream GEOS change (...
• 5ef437c Bump actions/checkout from 4 to 5 (#2320)
• 7b5ff3d BLD: add Python 3.14 wheels [Bump pypa/cibuildwheel from 3.0.1 to 3.1.3] (#2316)
• 480dbb1 TST: update frechet_distance densify test for latest GEOS main (densify>0.001...
• Additional commits viewable in compare view

Updates sql-metadata from 2.15.0 to 2.17.0

Release notes

Sourced from sql-metadata's releases.

Fix handling of the ALTER TABLE ... ADD KEY queries and logging fixes

What's Changed

• Bump black from 24.10.0 to 25.1.0 by @​dependabot in macbre/sql-metadata#548
• Bump flake8 from 5.0.4 to 7.2.0 by @​dependabot in macbre/sql-metadata#549
• Bump coverage from 6.5.0 to 7.8.0 by @​dependabot in macbre/sql-metadata#547
• Bump pytest-cov from 5.0.0 to 6.1.1 by @​dependabot in macbre/sql-metadata#550
• query_type: shorten the SQL query when logging the exception by @​macbre in macbre/sql-metadata#552
• Fix handling of the ALTER TABLE ... ADD KEY queries by @​macbre in macbre/sql-metadata#553

Full Changelog: macbre/sql-metadata@v2.16.0...v2.17.0

Allow overriding sqlparse.parse() and drop support for Python 3.8

What's Changed

• Bump pytest from 8.3.3 to 8.3.4 by @​dependabot in macbre/sql-metadata#533
• Bump sqlparse from 0.5.2 to 0.5.3 by @​dependabot in macbre/sql-metadata#535
• Test using Python 3.13 + drop Python 3.8 by @​macbre in macbre/sql-metadata#546
• Bump dependabot/fetch-metadata from 2.2.0 to 2.3.0 by @​dependabot in macbre/sql-metadata#539
• Allow overriding sqlparse.parse() by @​illes in macbre/sql-metadata#545

New Contributors

• @​illes made their first contribution in macbre/sql-metadata#545 - thanks!

Full Changelog: macbre/sql-metadata@v2.15.0...v2.16.0

Commits

• 764f3a3 v2.17.0
• 9a8b1e0 Fix handling of the ALTER TABLE ... ADD KEY queries (#553)
• 8df3ffc query_type: shorten the SQL query when logging the exception (#552)
• cc9017d Bump pytest-cov from 5.0.0 to 6.1.1 (#550)
• 0af4641 Bump coverage from 6.5.0 to 7.8.0 (#547)
• 1d0ad2d Bump flake8 from 5.0.4 to 7.2.0 (#549)
• 28f0a61 Bump black from 24.10.0 to 25.1.0 (#548)
• 176bbcf v2.16.0
• 5d0389e Allow overriding sqlparse.parse() (#545)
• 5ec2015 Bump dependabot/fetch-metadata from 2.2.0 to 2.3.0 (#539)
• Additional commits viewable in compare view

Updates sqlalchemy from 2.0.38 to 2.0.44

Release notes

Sourced from sqlalchemy's releases.

2.0.44

Released: October 10, 2025

platform

• [platform] [bug] Unblocked automatic greenlet installation for Python 3.14 now that there are greenlet wheels on pypi for python 3.14.

orm

• [orm] [usecase] The way ORM Annotated Declarative interprets Python PEP 695 type aliases in Mapped[] annotations has been refined to expand the lookup scheme. A PEP 695 type can now be resolved based on either its direct presence in _orm.registry.type_annotation_map or its immediate resolved value, as long as a recursive lookup across multiple PEP 695 types is not required for it to resolve. This change reverses part of the restrictions introduced in 2.0.37 as part of #11955, which deprecated (and disallowed in 2.1) the ability to resolve any PEP 695 type that was not explicitly present in _orm.registry.type_annotation_map. Recursive lookups of PEP 695 types remains deprecated in 2.0 and disallowed in version 2.1, as do implicit lookups of NewType types without an entry in _orm.registry.type_annotation_map.

  Additionally, new support has been added for generic PEP 695 aliases that refer to PEP 593 Annotated constructs containing _orm.mapped_column() configurations. See the sections below for examples.

  References: #12829

• [orm] [bug] Fixed a caching issue where _orm.with_loader_criteria() would incorrectly reuse cached bound parameter values when used with _sql.CompoundSelect constructs such as _sql.union(). The issue was caused by the cache key for compound selects not including the execution options that are part of the _sql.Executable base class, which _orm.with_loader_criteria() uses to apply its criteria dynamically. The fix ensures that compound selects and other executable constructs properly include execution options in their cache key traversal.

  References: #12905

engine

• [engine] [bug] Implemented initial support for free-threaded Python by adding new tests and reworking the test harness to include Python 3.13t and Python 3.14t in

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions