chore(deps): bump numpy from 1.26.4 to 2.2.3

[dependabot]

Bumps numpy from 1.26.4 to 2.2.3.

Release notes

Sourced from numpy's releases.

2.2.3 (Feb 13, 2025)

NumPy 2.2.3 Release Notes

NumPy 2.2.3 is a patch release that fixes bugs found after the 2.2.2 release. The majority of the changes are typing improvements and fixes for free threaded Python. Both of those areas are still under development, so if you discover new problems, please report them.

This release supports Python versions 3.10-3.13.

Contributors

A total of 9 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• !amotzop
• Charles Harris
• Chris Sidebottom
• Joren Hammudoglu
• Matthew Brett
• Nathan Goldbaum
• Raghuveer Devulapalli
• Sebastian Berg
• Yakov Danishevsky +

Pull requests merged

A total of 21 pull requests were merged for this release.

• #28185: MAINT: Prepare 2.2.x for further development
• #28201: BUG: fix data race in a more minimal way on stable branch
• #28208: BUG: Fix from_float_positional errors for huge pads
• #28209: BUG: fix data race in np.repeat
• #28212: MAINT: Use VQSORT_COMPILER_COMPATIBLE to determine if we should...
• #28224: MAINT: update highway to latest
• #28236: BUG: Add cpp atomic support (#28234)
• #28237: BLD: Compile fix for clang-cl on WoA
• #28243: TYP: Avoid upcasting float64 in the set-ops
• #28249: BLD: better fix for clang / ARM compiles
• #28266: TYP: Fix timedelta64.__divmod__ and timedelta64.__mod__...
• #28274: TYP: Fixed missing typing information of set_printoptions
• #28278: BUG: backport resource cleanup bugfix from gh-28273
• #28282: BUG: fix incorrect bytes to stringdtype coercion
• #28283: TYP: Fix scalar constructors
• #28284: TYP: stub numpy.matlib
• #28285: TYP: stub the missing numpy.testing modules
• #28286: CI: Fix the github label for TYP: PR's and issues
• #28305: TYP: Backport typing updates from main
• #28321: BUG: fix race initializing legacy dtype casts
• #28324: CI: update test_moderately_small_alpha

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.1.0 release on Linux, modified for building with GitHub Actions and cibuildwheels and uploading to the anaconda.org staging repository for NumPy <https://anaconda.org/multibuild-wheels-staging/numpy>_. The commands can be copied into the command line, but be sure to replace 2.1.0 by the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

• Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.
• You can use the keyring app to store the PyPI password for twine. See the online twine documentation for details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, three files need to be edited:

• .github/workflows/wheels.yml # for github cibuildwheel
• tools/ci/cirrus_wheels.yml # for cibuildwheel aarch64/arm64 builds
• pyproject.toml # for classifier and minimum version check.

Make these changes in an ordinary PR against main and backport if necessary. Add [wheel build] at the end of the title line of the commit summary so that wheel builds will be run to test the changes. We currently release wheels for new Python versions after the first Python rc once manylinux and cibuildwheel support it. For Python 3.11 we were able to release within a week of the rc1 announcement.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.1.x branch.

Update 2.1.0 milestones

... (truncated)

Commits

• a274561 Merge pull request #28322 from charris/prepare-2.2.3
• 5ab0f71 REL: Prepare for the NumPy 2.2.3 release [wheel build]
• 010ad9b Merge pull request #28324 from charris/update-test_dirichlet_moderately_small...
• 6338746 CI: update test_moderately_small_alpha [wheel build]
• 56f8d5b Merge pull request #28321 from charris/backport-28290
• 48515a3 MAINT: Update some testing files from main
• 96ca7e3 MAINT: respond to code review
• c20ac88 MAINT: use a try/finally to make the deadlock protection more robust
• d494647 MAINT: fix indentation and clarify comment
• 3f8fbd6 MAINT: go back to try/except
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[changeset-bot]

⚠️ No Changeset found

Latest commit: 56403c2

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 2 package(s) with unknown licenses.

See the Details below.

License Issues

Pipfile

Package	Version	License	Issue Type
numpy	~> 2.2	Null	Unknown License

Pipfile.lock

Package	Version	License	Issue Type
numpy	2.2.3	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/numpy	~> 2.2	🟢 7.8	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 18 out of 18 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 9 Found 17/18 approved changesets -- score normalized to 9 Contributors 🟢 10 project has 95 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/numpy	2.2.3	🟢 7.8	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 18 out of 18 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 9 Found 17/18 approved changesets -- score normalized to 9 Contributors 🟢 10 project has 95 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) and 20 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• Pipfile
• Pipfile.lock

[dependabot]

Superseded by #38.