chore(deps): bump the python-deps group across 1 directory with 19 updates

[dependabot]

Bumps the python-deps group with 19 updates in the / directory:

Package	From	To
openai	2.3.0	2.14.0
coverage	7.10.7	7.13.1
typer	0.19.2	0.21.0
sentence-transformers	5.1.1	5.2.0
huggingface-hub	0.35.3	1.2.3
faiss-cpu	1.12.0	1.13.2
numpy	2.3.3	2.4.0
scikit-learn	1.7.2	1.8.0
joblib	1.5.2	1.5.3
psutil	7.1.0	7.2.1
black	25.9.0	25.12.0
flake8-bugbear	24.12.12	25.11.29
flake8-pytest-style	2.1.0	2.2.0
mypy	1.18.2	1.19.1
pre-commit	4.3.0	4.5.1
pytest	8.4.2	9.0.2
pytest-asyncio	1.2.0	1.3.0
joblib-stubs	1.5.2.0.20250831	1.5.3.0.20251223
types-psutil	7.0.0.20251001	7.2.1.20251231

Updates openai from 2.3.0 to 2.14.0

Release notes

Sourced from openai's releases.

v2.14.0

2.14.0 (2025-12-19)

Full Changelog: v2.13.0...v2.14.0

Features

• api: slugs for new audio models; make all model params accept strings (e517792)

Bug Fixes

• use async_to_httpx_files in patch method (a6af9ee)

Chores

• internal: add --fix argument to lint script (93107ef)

v2.13.0

2.13.0 (2025-12-16)

Full Changelog: v2.12.0...v2.13.0

Features

• api: gpt-image-1.5 (1c88f03)

Chores

• ci: add CI job to detect breaking changes with the Agents SDK (#1436) (237c91e)
• internal: add missing files argument to base client (e6d6fd5)

v2.12.0

2.12.0 (2025-12-15)

Full Changelog: v2.11.0...v2.12.0

Features

• api: api update (a95c4d0)
• api: fix grader input list, add dated slugs for sora-2 (b2c389b)

v2.11.0

2.11.0 (2025-12-11)

Full Changelog: v2.10.0...v2.11.0

Features

... (truncated)

Changelog

Sourced from openai's changelog.

2.14.0 (2025-12-19)

Full Changelog: v2.13.0...v2.14.0

Features

• api: slugs for new audio models; make all model params accept strings (e517792)

Bug Fixes

• use async_to_httpx_files in patch method (a6af9ee)

Chores

• internal: add --fix argument to lint script (93107ef)

2.13.0 (2025-12-16)

Full Changelog: v2.12.0...v2.13.0

Features

• api: gpt-image-1.5 (1c88f03)

Chores

• ci: add CI job to detect breaking changes with the Agents SDK (#1436) (237c91e)
• internal: add missing files argument to base client (e6d6fd5)

2.12.0 (2025-12-15)

Full Changelog: v2.11.0...v2.12.0

Features

• api: api update (a95c4d0)
• api: fix grader input list, add dated slugs for sora-2 (b2c389b)

2.11.0 (2025-12-11)

Full Changelog: v2.10.0...v2.11.0

Features

• api: gpt 5.2 (dd9b8e8)

2.10.0 (2025-12-10)

... (truncated)

Commits

• d3e6321 release: 2.14.0
• 4547f1a codegen metadata
• a3c27a2 chore(internal): add --fix argument to lint script
• 51c6885 feat(api): slugs for new audio models; make all model params accept strings
• 62699d9 fix: use async_to_httpx_files in patch method
• 20af6aa codegen metadata
• f94256d release: 2.13.0
• 9dc1d1a feat(api): gpt-image-1.5
• 74b1e6f chore(ci): add CI job to detect breaking changes with the Agents SDK (#1436)
• 3c016c6 chore(internal): add missing files argument to base client
• Additional commits viewable in compare view

Updates coverage from 7.10.7 to 7.13.1

Changelog

Sourced from coverage's changelog.

Version 7.13.1 — 2025-12-28

• Added: the JSON report now includes a "start_line" key for function and class regions, indicating the first line of the region in the source. Closes issue 2110_.

• Added: The debug data command now takes file names as arguments on the command line, so you can inspect specific data files without needing to set the COVERAGE_FILE environment variable.

• Fix: the JSON report used to report module docstrings as executed lines, which no other report did, as described in issue 2105_. This is now fixed, thanks to Jianrong Zhao.

• Fix: coverage.py uses a more disciplined approach to detecting where third-party code is installed, and avoids measuring it. This shouldn't change any behavior. If you find that it does, please get in touch.

• Performance: data files that will be combined now record their hash as part of the file name. This lets us skip duplicate data more quickly, speeding the combining step.

• Docs: added a section explaining more about what is considered a missing branch and how it is reported: :ref:branch_explain, as requested in issue 1597. Thanks to Ayisha Mohammed <pull 2092_>.

• Tests: the test suite misunderstood what core was being tested if COVERAGE_CORE wasn't set on 3.14+. This is now fixed, closing issue 2109_.

.. _issue 1597: coveragepy/coveragepy#1597 .. _pull 2092: coveragepy/coveragepy#2092 .. _issue 2105: coveragepy/coveragepy#2105 .. _issue 2109: coveragepy/coveragepy#2109 .. _issue 2110: coveragepy/coveragepy#2110

.. _changes_7-13-0:

Version 7.13.0 — 2025-12-08

• Feature: coverage.py now supports :file:.coveragerc.toml configuration files. These files use TOML syntax and take priority over :file:pyproject.toml but lower priority than :file:.coveragerc files. Closes issue 1643_ thanks to Olena Yefymenko <pull 1952_>_.

• Fix: we now include a permanent .pth file which is installed with the code, fixing issue 2084_. In 7.12.1b1 this was done incorrectly: it didn't work when using the source wheel (py3-none-any). This is now fixed. Thanks,

... (truncated)

Commits

• a6afdc3 docs: sample HTML for 7.13.1
• a497081 docs: prep for 7.13.1
• e992033 docs: polish up CHANGES
• 18bba6e chore: bump the action-dependencies group with 4 updates (#2111)
• 80fb808 refactor: (?x:...) lets us use re.VERBOSE even when combining later
• cc272bd docs: leave a comment so we'll find this when 3.12 is the minimum
• 70d007d types: be explicit
• a2c1940 types: fully import modules that will be patched
• 57b975d types: explicit Protocol inheritance permits changing parameter names
• 63ec12d types: clarify that morfs arguments can be a single morf
• Additional commits viewable in compare view

Updates typer from 0.19.2 to 0.21.0

Release notes

Sourced from typer's releases.

0.21.0

Breaking Changes

• ➖ Drop support for Python 3.8. PR #1464 by @​tiangolo.
• ➖ Drop support for Python 3.8 in CI. PR #1463 by @​YuriiMotov and @​tiangolo.

Docs

• 📝 Update code examples to Python 3.9. PR #1459 by @​YuriiMotov.

Internal

• 💚 Move ruff dependency to shared requirements-docs-tests.txt to fix "Build docs" workflow in CI. PR #1458 by @​YuriiMotov.
• ⬆ Bump markdown-include-variants from 0.0.5 to 0.0.8. PR #1442 by @​dependabot[bot].
• 👷 Add pre-commit workflow. PR #1453 by @​tiangolo.
• 👷 Configure coverage, error on main tests, don't wait for Smokeshow. PR #1448 by @​YuriiMotov.
• 👷 Run Smokeshow always, even on test failures. PR #1447 by @​YuriiMotov.
• 🔨 Add Typer script to generate example variants for Python files. PR #1452 by @​tiangolo.

0.20.1

Features

• ✨ Add support for standard tracebacks via the env TYPER_STANDARD_TRACEBACK. PR #1299 by @​colin-nolan.

Fixes

• 🐛 Ensure that options_metavar is passed through correctly. PR #816 by @​gar1t.
• 🐛 Ensure an optional argument is shown in brackets, even when metavar is set. PR #1409 by @​svlandeg.
• 🐛 Ensure that the default rich_markup_mode is interpreted correctly. PR #1304 by @​svlandeg.

Refactors

• ♻️ Refactor the handling of shellingham. PR #1347 by @​nathanjmcdougall.

Docs

• 📝 Ensure that bold letters are rendered correctly in printing.md. PR #1365 by @​svlandeg.
• 🩺 Update test badge to only reflect pushes to master. PR #1414 by @​svlandeg.
• 📝 Update console output on the Rich help formatting page. PR #1430 by @​svlandeg.
• 📝 Update emoji used in Rich help formatting tutorial. PR #1429 by @​svlandeg.
• 📝 Remove duplicate explanation how the path is resolved. PR #956 by @​dennis-rall.
• 📝 Update docs to use Typer() more prominently. PR #1418 by @​svlandeg.
• 💄 Use font 'Fira Code' to fix display of Rich panels in docs in Windows. PR #1419 by @​tiangolo.

Internal

• 🔨 Add --showlocals to test.sh. PR #1169 by @​rickwporter.
• ⬆ Bump ruff from 0.14.6 to 0.14.8. PR #1436 by @​dependabot[bot].
• ⬆ [pre-commit.ci] pre-commit autoupdate. PR #1434 by @​pre-commit-ci[bot].
• ✅ Update tests to use mod.app . PR #1427 by @​svlandeg.

... (truncated)

Changelog

Sourced from typer's changelog.

0.21.0

Breaking Changes

• ➖ Drop support for Python 3.8. PR #1464 by @​tiangolo.
• ➖ Drop support for Python 3.8 in CI. PR #1463 by @​YuriiMotov and @​tiangolo.

Docs

• 📝 Update code examples to Python 3.9. PR #1459 by @​YuriiMotov.

Internal

• 💚 Move ruff dependency to shared requirements-docs-tests.txt to fix "Build docs" workflow in CI. PR #1458 by @​YuriiMotov.
• ⬆ Bump markdown-include-variants from 0.0.5 to 0.0.8. PR #1442 by @​dependabot[bot].
• 👷 Add pre-commit workflow. PR #1453 by @​tiangolo.
• 👷 Configure coverage, error on main tests, don't wait for Smokeshow. PR #1448 by @​YuriiMotov.
• 👷 Run Smokeshow always, even on test failures. PR #1447 by @​YuriiMotov.
• 🔨 Add Typer script to generate example variants for Python files. PR #1452 by @​tiangolo.

0.20.1

Features

• ✨ Add support for standard tracebacks via the env TYPER_STANDARD_TRACEBACK. PR #1299 by @​colin-nolan.

Fixes

• 🐛 Ensure that options_metavar is passed through correctly. PR #816 by @​gar1t.
• 🐛 Ensure an optional argument is shown in brackets, even when metavar is set. PR #1409 by @​svlandeg.
• 🐛 Ensure that the default rich_markup_mode is interpreted correctly. PR #1304 by @​svlandeg.

Refactors

• ♻️ Refactor the handling of shellingham. PR #1347 by @​nathanjmcdougall.

Docs

• 📝 Ensure that bold letters are rendered correctly in printing.md. PR #1365 by @​svlandeg.
• 🩺 Update test badge to only reflect pushes to master. PR #1414 by @​svlandeg.
• 📝 Update console output on the Rich help formatting page. PR #1430 by @​svlandeg.
• 📝 Update emoji used in Rich help formatting tutorial. PR #1429 by @​svlandeg.
• 📝 Remove duplicate explanation how the path is resolved. PR #956 by @​dennis-rall.
• 📝 Update docs to use Typer() more prominently. PR #1418 by @​svlandeg.
• 💄 Use font 'Fira Code' to fix display of Rich panels in docs in Windows. PR #1419 by @​tiangolo.

Internal

• 🔨 Add --showlocals to test.sh. PR #1169 by @​rickwporter.
• ⬆ Bump ruff from 0.14.6 to 0.14.8. PR #1436 by @​dependabot[bot].

... (truncated)

Commits

• 753cb32 🔖 Release version 0.21.0
• 6dd4f9b 📝 Update release notes
• 10d209c 📝 Update release notes
• fbff83e ➖ Drop support for Python 3.8 (#1464)
• 76e8462 📝 Update release notes
• 51e48d2 📝 Update code examples to Python 3.9 (#1459)
• b7f39ea 📝 Update release notes
• 6c28962 ➖ Drop support for Python 3.8 (#1463)
• 2108ffc 📝 Update release notes
• c1806c4 💚 Move ruff dependency to shared requirements-docs-tests.txt to fix "Buil...
• Additional commits viewable in compare view

Updates sentence-transformers from 5.1.1 to 5.2.0

Release notes

Sourced from sentence-transformers's releases.

v5.2.0 - CrossEncoder multi-processing, multilingual NanoBEIR evaluators, similarity score in mine_hard_negatives, Transformers v5 support

This minor release introduces multi-processing for CrossEncoder (rerankers), multilingual NanoBEIR evaluators, similarity score outputs in mine_hard_negatives, Transformers v5 support, Python 3.9 deprecations, and more.

Install this version with

# Training + Inference
pip install sentence-transformers[train]==5.2.0
Inference only, use one of:
pip install sentence-transformers==5.2.0
pip install sentence-transformers[onnx-gpu]==5.2.0
pip install sentence-transformers[onnx]==5.2.0
pip install sentence-transformers[openvino]==5.2.0

CrossEncoder Multi-processing

The CrossEncoder class now supports multiprocessing for faster inference on CPU and multi-GPU setups. This brings CrossEncoder functionality in line with the existing multiprocessing capabilities of SentenceTransformer models, allowing you to use multiple CPU cores or GPUs to speed up both the predict and rank methods when processing large batches of sentence pairs.

The implementation introduces these new methods, mirroring the SentenceTransformer approach:

• start_multi_process_pool() - Initialize a pool of worker processes
• stop_multi_process_pool() - Clean up the worker pool

Usage is straightforward with the new pool parameter:

from sentence_transformers.cross_encoder import CrossEncoder
def main():
model = CrossEncoder('cross-encoder/ms-marco-MiniLM-L6-v2')
# Start a pool of workers
pool = model.start_multi_process_pool()
Use the pool for faster inference
scores = model.predict(sentence_pairs, pool=pool)
rankings = model.rank(query, documents, pool=pool)
Clean up when done
model.stop_multi_process_pool(pool)

if name == "main":
main()

Or simply pass a list of devices to device to have predict and rank automatically create a pool behind the scenes.

from sentence_transformers.cross_encoder import CrossEncoder
</tr></table>

... (truncated)

Commits

• d4d70de Release v5.2.0
• b16248c docs: add release notes summary for v5.2 on main page (#3592)
• 2571f24 docs: update NanoBEIR collection links and descriptions for evaluators (#3591)
• 32cb5de Mine hard negatives: optionally output similarity scores (#3506)
• 9f9ad08 Extend NanoBEIR evaluators to support custom NanoBEIR datasets (#3583)
• 21dfa69 feat/deps: make Pillow an optional dependency (#3589)
• 67ff0fe Skip test_train_stsb tests; triggers rate limit too often (#3590)
• 4cb5cdc [deps] Use optimum-onnx now that both optimum-onnx and optimum-intel can us...
• 3f80d1c [feat] add multiprocessing support for Cross Encoder (#3580)
• f9724ff [feat] Allow transformers v5.0, add CI for transformers <v5 and >=v5 (#3586)
• Additional commits viewable in compare view

Updates huggingface-hub from 0.35.3 to 1.2.3

Release notes

Sourced from huggingface-hub's releases.

[v1.2.3] Fix private default value in CLI

Patch release for #3618 by @​Wauplin.

When creating a new repo, we should default to private=None instead of private=False. This is already the case when using the API but not when using the CLI. This is a bug likely introduced when switching to Typer. When defaulting to None, the repo visibility will default to False except if the organization has configured repos to be "private by default" (the check happens server-side, so it shouldn't be hardcoded client-side).

Full Changelog: huggingface/huggingface_hub@v1.2.2...v1.2.3

[v1.2.2] Fix unbound local error in local folder metadata + fix hf auth list logs

• Fix unbound local error when reading corrupted metadata files by @​Wauplin in #3610
• Fix auth_list not showing HF_TOKEN message when no stored tokens exist by @​hanouticelina in #3608

Full Changelog: huggingface/huggingface_hub@v1.2.1...v1.2.2

v1.2.1: Smarter Rate Limit Handling, Daily Papers API and more QoL improvements!

🚦 Smarter Rate Limit Handling

We've improved how the huggingface_hub library handles rate limits from the Hub. When you hit a rate limit, you'll now see clear, actionable error messages telling you exactly how long to wait and how many requests you have left.

HfHubHTTPError: 429 Too Many Requests for url: https://huggingface.co/api/models/username/reponame.
Retry after 55 seconds (0/2500 requests remaining in current 300s window).

When a 429 error occurs, the SDK automatically parses the RateLimit header to extract the exact number of seconds until the rate limit resets, then waits precisely that duration before retrying. This applies to file downloads (i.e. Resolvers), uploads, and paginated Hub API calls (list_models, list_datasets, list_spaces, etc.).

More info about Hub rate limits in the docs 👉 here.

• Parse rate limit headers for better 429 error messages by @​hanouticelina in #3570
• Use rate limit headers for smarter retry in http backoff by @​hanouticelina in #3577
• Harmonize retry behavior for metadata fetch and HfFileSystem by @​hanouticelina in #3583
• Add retry for preupload endpoint by @​hanouticelina in #3588
• Use default retry values in pagination by @​hanouticelina in #3587

✨ HF API

Daily Papers endpoint: You can now programmatically access Hugging Face's daily papers feed. You can filter by week, month, or submitter, and sort by publication date or trending.

from huggingface_hub import list_daily_papers
for paper in list_daily_papers(date="2025-12-03"):
print(paper.title)
DeepSeek-V3.2: Pushing the Frontier of Open Large Language Models
ToolOrchestra: Elevating Intelligence via Efficient Model and Tool Orchestration
MultiShotMaster: A Controllable Multi-Shot Video Generation Framework
Deep Research: A Systematic Survey
MG-Nav: Dual-Scale Visual Navigation via Sparse Spatial Memory
...
</tr></table>

... (truncated)

Commits

• 90faf8b Release: v1.2.3
• e333fed [CLI] Fix private should default to None, not False (#3618)
• 222bb9d Release: v1.2.2
• 877cec0 Fix unbound local error when reading corrupted metadata files (#3610)
• 8519f0d log a message when HF_TOKEN is set in auth list (#3608)
• d0bc914 Release: v1.2.1
• 59dd9f5 Merge branch 'main' into v1.2-release
• 5ad0254 Rename utility to is_offline_mode (#3598)
• 231c4cc Release: v1.2.0
• dc6e7be Release: v1.2.0.rc0
• Additional commits viewable in compare view

Updates faiss-cpu from 1.12.0 to 1.13.2

Release notes

Sourced from faiss-cpu's releases.

v1.13.2

What's Changed

• Bump faiss version to v1.13.2 by @​kyamagu in faiss-wheels/faiss-wheels#149

Full Changelog: faiss-wheels/faiss-wheels@v1.13.1...v1.13.2

v1.13.1

What's Changed

• Release v1.13.1 by @​kyamagu in faiss-wheels/faiss-wheels#148

Full Changelog: faiss-wheels/faiss-wheels@v1.13.0...v1.13.1

v1.13.0

What's Changed

• support FlexiBLAS as an alternative to OpenBLAS by @​goneri in faiss-wheels/faiss-wheels#138
• Migrate to scikit-build-core by @​kyamagu in faiss-wheels/faiss-wheels#141
• Revise README.md for improved clarity and formatting by @​kyamagu in faiss-wheels/faiss-wheels#142
• Update README.md by @​kyamagu in faiss-wheels/faiss-wheels#144
• Upgrade faiss to v1.13.0 by @​kyamagu in faiss-wheels/faiss-wheels#146

New Contributors

• @​goneri made their first contribution in faiss-wheels/faiss-wheels#138

Full Changelog: faiss-wheels/faiss-wheels@v1.12.0...v1.13.0

Commits

• 1fe76d3 Merge pull request #149 from faiss-wheels/release/v1.13.2
• 0f4d909 Skip failing musllinux tests on CI
• f535686 Disable test_flat_l2_panorama.py::TestIndexFlatL2Panorama::test_merge_from fo...
• 0f27240 Bump faiss version to v1.13.2
• 54f5aeb Release v1.13.1 (#148)
• 7fc0151 Upgrade faiss to v1.13.0 (#146)
• 85d5f26 Update README.md (#144)
• b51087a Revise README.md for improved clarity and formatting (#142)
• 2e51022 Migrate to scikit-build-core (#141)
• f8d28b7 support FlexiBLAS as an alternative to OpenBLAS (#138)
• See full diff in compare view

Updates numpy from 2.3.3 to 2.4.0

Release notes

Sourced from numpy's releases.

2.4.0 (Dec 20, 2025)

NumPy 2.4.0 Release Notes

The NumPy 2.4.0 release continues the work to improve free threaded Python support, user dtypes implementation, and annotations. There are many expired deprecations and bug fixes as well.

This release supports Python versions 3.11-3.14

Highlights

Apart from annotations and same_value kwarg, the 2.4 highlights are mostly of interest to downstream developers. They should help in implementing new user dtypes.

• Many annotation improvements. In particular, runtime signature introspection.
• New casting kwarg 'same_value' for casting by value.
• New PyUFunc_AddLoopsFromSpec function that can be used to add user sort loops using the ArrayMethod API.
• New __numpy_dtype__ protocol.

Deprecations

Setting the strides attribute is deprecated

Setting the strides attribute is now deprecated since mutating an array is unsafe if an array is shared, especially by multiple threads. As an alternative, you can create a new view (no copy) via:

• np.lib.stride_tricks.strided_window_view if applicable,
• np.lib.stride_tricks.as_strided for the general case,
• or the np.ndarray constructor (buffer is the original array) for a light-weight version.

(gh-28925)

Positional out argument to np.maximum, np.minimum is deprecated

Passing the output array out positionally to numpy.maximum and numpy.minimum is deprecated. For example, np.maximum(a, b, c) will emit a deprecation warning, since c is treated as the output buffer rather than a third input.

Always pass the output with the keyword form, e.g. np.maximum(a, b, out=c). This makes intent clear and simplifies type annotations.

(gh-29052)

align= must be passed as boolean to np.dtype()

... (truncated)

Changelog

Sourced from numpy's changelog.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

The things to check are the cibuildwheel version in .github/workflows/wheels.yml and the openblas versions in openblas_requirements.txt.

Make a release PR

Four documents usually need to be updated or created for the release PR:

• The changelog
• The release notes
• The .mailmap file
• The pyproject.toml file

These changes should be made in an ordinary PR against the maintenance branch. Other small, miscellaneous fixes may be part of this PR. The commit message might be something like::

REL: Prepare for the NumPy 2.4.0 release

Create 2.4.0-changelog.rst.
Update 2.4.0-notes.rst.
Update .mailmap.
Update pyproject.toml

Set the release version

Check the pyproject.toml file and set the release version and update the classifier if needed::

$ gvim pyproject.toml

Check the doc/source/release.rst file

make sure that the release notes have an entry in the release.rst file::

... (truncated)

Commits

• c5ab79c Merge pull request #30487 from charris/prepare-2.4.0.2
• 05e379a REL: Prepare for the NumPy 2.4.0 release (2)
• 485f1c4 REL: Prepare for the NumPy 2.4.0 release (1) (#30486)
• c683481 REL: Prepare for the NumPy 2.4.0 release (#30439)
• 11d9ed2 Merge pull request #30459 from charris/backport-30456
• 2a17ddb TYP: restore generic.__hash__ (#30456)
• d04a429 Merge pull request #30432 from charris/backport-30426
• f94a148 fix more data races in mtrand.pyx (#30426)
• 06a9d42 Merge pull request #30420 from charris/backport-30418
• 30819cd Merge pull request #30419 from charris/backport-30373
• Additional commits viewable in compare view

Updates scikit-learn from 1.7.2 to 1.8.0

Release notes

Sourced from scikit-learn's releases.

Release 1.8.0

We're happy to announce the 1.8.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_8_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.8.html

This version supports Python versions 3.11 to 3.14 and features support of free-threaded CPython.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Commits

• 646da0f [cd build]
• 4f4f283 Generate changelog
• 967dcde Set version
• cb1424b DOC Release highlights for 1.8 (#32809)
• 5645b27 🔒 🤖 CI Update lock files for main CI build(s) 🔒 🤖 (#32859)
• 6b9fb11 🔒 🤖 CI Update lock files for free-threaded CI build(s) 🔒 :rob...
• a0f6d88 🔒 🤖 CI Update lock files for array-api CI build(s) 🔒 🤖 ...
• c1de8fc FIX Make get_namespace handle pandas dataframe input (#32838)
• 764249a Fix _safe_indexing with non integer arrays on array API inputs (#32840)
• eca5e0a FIX Add new default max_samples=None in Bagging estimators (#32825)
• Additional commits viewable in compare view

Updates joblib from 1.5.2 to 1.5.3

Changelog

Sourced from joblib's changelog.

Release 1.5.3 - 2025/12/15

• The Memory object won't overwrite an already existing .gitignore file in its cache directory anymore. joblib/joblib#1742

• Harden the safety checks in eval_expr(pre_dispatch) to prevent excessive memory allocation and potential crashes by limiting the allowed length of the expression and the maximum numeric value of sub-expressions and not evaluating expressions with non-numeric literals. joblib/joblib#1744

• Vendor cloudpickle 3.1.2 to fix a pickling problem with interactively defined abstract base classes and type annotations in Python 3.14+.

Commits

• 40cd002 RELEASE 1.5.3 (#1765)
• f05be67 MNT Remove last usage of distutils (#1760)
• 4273f39 MNT bump actions/checkout from 5 to 6 in the github-actions group (#1762)
• f465f02 FIX don't overwrite existing .gitignore (#1742)
• cca7d87 MNT bump sklearn test on python 3.12 (#1759)
• f7775ad MNT remove deprecated pytest feature (#1757)
• 3c58aab Add Python 3.14 and 3.14t to the testing (#1747)
• 9b96664 Bump cloudpickle to 3.1.2 (#1752)
• c3bdbd9 Bump the github-actions group with 5 updates (#1749)
• a09bb30 Keep GitHub Actions up to date with GitHub's Dependabot (#1748)
• Additional commits viewable in compare view

Updates psutil from 7.1.0 to 7.2.1

Changelog

Sourced from psutil's changelog.

7.2.1

2025-12-29

Bug fixes

• 2699_, [FreeBSD], [NetBSD]: heap_info()_ does not detect small allocations (<= 1K). In order to fix that, we now flush internal jemalloc cache before fetching the metrics.

7.2.0

2025-12-23

Enhancements

• 1275_: new heap_info()_ and heap_trim()_ functions, providing direct access to the platform's native C heap allocator (glibc, mimalloc, libmalloc). Useful to create tools to detect memory leaks.
• 2403_, [Linux]: publish wheels for Linux musl.
• 2680_: unit tests are no longer installed / part of the distribution. They now live under tests/ instead of psutil/tests.

Bug fixes

• 2684_, [FreeBSD], [critical]: compilation fails on FreeBSD 14 due to missing include.
• 2691_, [Windows]: fix memory leak in net_if_stats()_ due to missing Py_CLEAR.

Compatibility notes

• 2680_: import psutil.tests no longer works (but it was never documented to begin with).

7.1.3

2025-11-02

Enhancements

• 2667_: enforce clang-format on all C and header files. It is now the mandatory formatting style for all C sources.
• 2672_, [macOS], [BSD]: increase the chances to recognize zombie processes and raise the appropriate exception (ZombieProcess_).
• 2676_, 2678_: replace unsafe sprintf / snprintf / sprintf_s calls with str_format(). Replace strlcat / strlcpy with safe str_copy /

... (truncated)

Commits

• 6130c19 Fix #2699 / BSD: flush internal jemalloc cache before returning metrics.
• 899ee4e Mention psleak
• 704e218 Pre-release
• 1a946cf Take psleak from PYPI
• 5085421 Use external psleak module for memleak tests (#2698)
• ac56e6a CI: don't cancel CI in progress on 1st failure
• 10fe3d5 Merge branch 'master' of github.com:giampaolo/psutil
• ba507bd Fix various CI errors
• d5a1398 Update cpu_count docs: clarify differences from os.cpu_count (#2696)
• 556158f Refact memleak.py
• Additional commits viewable in compare view

Updates black from 25.9.0 to 25.12.0

Release notes

Sourced from black's releases.

25.12.0

Please test out the draft 2026 style in version 26.1a1! This style will be finalized in the January release (26.1.0). Most of the changes in --preview will be in the 2026 stable style, but not all. Please share your feedback!

This release (25.12.0) will still produce the 2025 style.

Highlights

• Black no longer supports running with Python 3.9 (#4842)

Stable style

• Fix bug where comments preceding # fmt: off/...

  Description has been truncated

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.