Bump the python-packages group with 7 updates

[dependabot]

Bumps the python-packages group with 7 updates:

Package	From	To
pandas	2.3.3	3.0.1
python-dotenv	1.2.1	1.2.2
rich	14.3.2	14.3.3
sqlglot	28.10.1	29.0.1
google-cloud-bigquery-storage	2.36.1	2.36.2
filelock	3.24.2	3.25.0
ruff	0.15.1	0.15.4

Updates pandas from 2.3.3 to 3.0.1

Release notes

Sourced from pandas's releases.

pandas 3.0.1

We are pleased to announce the release of pandas 3.0.1. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.0

We are pleased to announce the release of pandas 3.0.0, a major release from the pandas 2.x series. This release includes various new features, bug fixes, and performance improvements, as well as possible breaking changes.

The pandas 3.0 release removed a functionality that was deprecated in previous releases. It is recommended to first upgrade to pandas 2.3 and to ensure your code is working without warnings, before upgrading to pandas 3.0.

Highlights include:

• Dedicated string data type by default
• Consistent copy/view behaviour with Copy-on-Write (CoW) (a.k.a. getting rid of the SettingWithCopyWarning)
• New default resolution for datetime-like data
• Initial support for the new pd.col syntax

See the announcement blog post and the detailed release notes for a list of all the changes.

Pandas 3.0.0 supports Python 3.11 and higher. The release can be installed from PyPI

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Pandas 3.0.0rc2

No release notes provided.

Pandas 3.0.0rc1

... (truncated)

Commits

• e04b26f RLS: 3.0.1 (#64206)
• 47909e6 [backport 3.0.x] ENH: Add item() method to ExtensionArray class (#64134) (#64...
• a061bfd Backport PR #64199 on branch 3.0.x (DOC: cleanup 3.0.1 whatsnew) (#64201)
• 085a385 [backport 3.0.x] BUG: Fix read_hdf failing on generic datetime64 dtype (#6400...
• 5f17047 [backport 3.0.x] BUG: use fill_null fallback for bug in pyarrow 21 on Windows...
• 0d3a8cb Backport PR #64122 on branch 3.0.x (REG: Allow RE2 syntax in str.contains and...
• 78e1917 Backport PR #64185 on branch 3.0.x (TST: remove fixed xfail for PyArrow 23.0....
• 75a42ca Backport PR #64168 on branch 3.0.x (TST: add legacy file generation and tests...
• 46d443f Backport PR #64092 on branch 3.0.x (BUG: DataFrame.loc fills b'' instead of N...
• 9d67932 Backport PR #64068 on branch 3.0.x (BUG: fixed to_timedelta with list of int ...
• Additional commits viewable in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates rich from 14.3.2 to 14.3.3

Release notes

Sourced from rich's releases.

The infinite Release

Fixed a infinite loop in split_graphemes

[14.3.3] - 2026-02-19

Fixed

• Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

Changelog

Sourced from rich's changelog.

[14.3.3] - 2026-02-19

Fixed

• Fixed infinite loop with cells.split_graphemes Textualize/rich#4006

Commits

• ce01188 Merge pull request #4008 from Textualize/bump1433
• 14a47c9 bump
• f54bfe0 Merge pull request #4007 from Textualize/copilot/sub-pr-4006
• 7338cb9 Merge pull request #4006 from Textualize/fix-grapheme-stuck
• 905b397 Update tests/test_cells.py
• b031dca Update tests/test_cells.py
• f07a3fc Add regression tests for VS16 after zero-width chars in split_graphemes
• b618ccc spelling
• 378c34b Initial plan
• 87e7ca2 refinements, and tests
• Additional commits viewable in compare view

Updates sqlglot from 28.10.1 to 29.0.1

Commits

• 21a2a57 chore: actually emit warning
• fdfdfb1 feat(duckdb)!: support GET_CURRENT_TIME() for DuckDB (#7126)
• a04cd85 Update CHANGELOG.md for v29.0.0 [skip ci]
• 4a38462 fix(deploy): Use GA ARM machine (#7131)
• 3e8f551 chore: update claude.md
• 93bf337 fix(optimizer)!: annotate date_diff(expr) for DuckDB (#7125)
• 5a30754 feat(duckdb)!: support current_localtimestamp() for DuckDB (#7128)
• 3ff4e0d fix(deploy): Fix _version not exists (#7129)
• 0a0cc95 feat!!: remove rust and build c (#7120)
• 2069b06 feat(optimizer)!: annotate ARRAY_EXCEPT for Hive/Spark/DBX (#7123)
• Additional commits viewable in compare view

Updates google-cloud-bigquery-storage from 2.36.1 to 2.36.2

Release notes

Sourced from google-cloud-bigquery-storage's releases.

google-cloud-bigquery-storage: v2.36.2

v2.36.2 (2026-02-19)

Bug Fixes

• missing first page in to_dataframe (#15575) (397fb147)

Commits

• 317d87b chore: librarian release pull request: 20260219T080954Z (#15582)
• 397fb14 fix: missing first page in to_dataframe (#15575)
• f0841b1 chore: librarian release pull request: 20260217T210947Z (#15573)
• fd22688 chore: librarian onboard pull request: 20260218T181744Z (#15579)
• 4ca6f9e chore: librarian generate pull request: 20260218T081656Z (#15577)
• d8e1a9a chore: clean up
• 77dcd29 chore: clean up librarian config
• 565f6bb chore: See googleapis/google-cloud-python#14446
• 4267bc7 add core_deps_from_source nox session
• d6e1ee5 tests: fix build
• Additional commits viewable in compare view

Updates filelock from 3.24.2 to 3.25.0

Release notes

Sourced from filelock's releases.

3.25.0

What's Changed

• Add permissions to check workflow by @​gaborbernat in tox-dev/filelock#500
• Move SECURITY.md to .github/SECURITY.md by @​gaborbernat in tox-dev/filelock#501
• Standardize .github files to .yaml suffix by @​gaborbernat in tox-dev/filelock#504
• ✨ feat(async): add AsyncReadWriteLock by @​gaborbernat in tox-dev/filelock#506

Full Changelog: tox-dev/filelock@3.24.4...3.25.0

3.24.4

What's Changed

• Suppress ValueError in _try_break_stale_lock for corrupted lock files by @​bysiber in tox-dev/filelock#496
• Fix ValueError in _acquire_transaction_lock when blocking=False with timeout by @​gaborbernat in tox-dev/filelock#498

New Contributors

• @​bysiber made their first contribution in tox-dev/filelock#496

Full Changelog: tox-dev/filelock@3.24.3...3.24.4

3.24.3

What's Changed

• 🐛 fix(ci): add trailing blank line after changelog entries by @​gaborbernat in tox-dev/filelock#492
• 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire by @​gaborbernat in tox-dev/filelock#495

Full Changelog: tox-dev/filelock@3.24.2...3.24.3

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.25.0 (2026-03-01)

---

• ✨ feat(async): add AsyncReadWriteLock :pr:506
• Standardize .github files to .yaml suffix
• build(deps): bump actions/download-artifact from 7 to 8 :pr:503 - by :user:dependabot[bot]
• build(deps): bump actions/upload-artifact from 6 to 7 :pr:502 - by :user:dependabot[bot]
• Move SECURITY.md to .github/SECURITY.md
• Add security policy
• Add permissions to check workflow :pr:500
• [pre-commit.ci] pre-commit autoupdate :pr:499 - by :user:pre-commit-ci[bot]

---

3.24.3 (2026-02-19)

---

• 🐛 fix(unix): handle ENOENT race on FUSE/NFS during acquire :pr:495
• 🐛 fix(ci): add trailing blank line after changelog entries :pr:492

---

3.24.2 (2026-02-16)

---

• 🐛 fix(rw): close sqlite3 cursors and skip SoftFileLock Windows race :pr:491
• 🐛 fix(test): resolve flaky write non-starvation test :pr:490
• 📝 docs: restructure using Diataxis framework :pr:489

---

3.24.1 (2026-02-15)

---

• 🐛 fix(soft): resolve Windows deadlock and test race condition :pr:488

---

3.24.0 (2026-02-14)

---

• ✨ feat(lock): add lifetime parameter for lock expiration (#68) :pr:486
• ✨ feat(lock): add cancel_check to acquire (#309) :pr:487
• 🐛 fix(api): detect same-thread self-deadlock :pr:481
• ✨ feat(mode): respect POSIX default ACLs (#378) :pr:483
• 🐛 fix(win): eliminate lock file race in threaded usage :pr:484
• ✨ feat(lock): add poll_interval to constructor :pr:482
• 🐛 fix(unix): auto-fallback to SoftFileLock on ENOSYS :pr:480

... (truncated)

Commits

• 7f195d9 Release 3.25.0
• df2754e ✨ feat(async): add AsyncReadWriteLock (#506)
• 8a359c5 Standardize .github files to .yaml suffix
• 9e7b33d build(deps): bump actions/download-artifact from 7 to 8 (#503)
• 5fe6836 build(deps): bump actions/upload-artifact from 6 to 7 (#502)
• af265f9 Move SECURITY.md to .github/SECURITY.md
• 67a5569 Add security policy
• 4b8c261 Add permissions to check workflow (#500)
• e749d66 [pre-commit.ci] pre-commit autoupdate (#499)
• 721b37b Fix ValueError in _acquire_transaction_lock when blocking=False with timeout ...
• Additional commits viewable in compare view

Updates ruff from 0.15.1 to 0.15.4

Release notes

Sourced from ruff's releases.

0.15.4

Release Notes

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

• Clarify first-party import detection in Ruff (#23591)
• Fix incorrect import-heading example (#23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

Install ruff 0.15.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1 | iex"

Download ruff 0.15.4

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum
ruff-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ruff-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ruff-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

• Fix panic on access to definitions after analyzing definitions (#23588)
• [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

• Clarify first-party import detection in Ruff (#23591)
• Fix incorrect import-heading example (#23568)

Contributors

• @​stakeswky
• @​ntBre
• @​thejcannon
• @​GeObts

0.15.3

Released on 2026-02-26.

Preview features

• Drop explicit support for .qmd file extension (#23572)

  This can now be enabled instead by setting the extension option:

  # ruff.toml
  extension = { qmd = "markdown" }
  pyproject.toml
  [tool.ruff]
  extension = { qmd = "markdown" }

• Include configured extensions in file discovery (#23400)

• [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#23441)

• [flake8-bugbear] Allow B901 in pytest hook wrappers (#21931)

• [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#21373)

... (truncated)

Commits

• f14edd8 Bump 0.15.4 (#23595)
• fd09d37 Fix panic on access to definitions after analyzing definitions (#23588)
• 81d655f [pyflakes] suppress false positive in F821 for names used before del in...
• 625b4f5 [ruff] docs: Clarify first-party import detection in Ruff (#23591)
• 60facfa one word typo fix in a while_loop.md test case (#23589)
• fbb9fa7 docs: fix incorrect import-heading example (#23568)
• 5bc49a9 Increase the ruleset size to 16 bits (#23586)
• a62ba8c [ty] Fix overloaded callable assignability for unary Callable targets (#23277)
• e5f2f36 Bump 0.15.3 (#23585)
• 0e19fc9 [ty] defer calculating conjunctions in narrowing constraints (#23552)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Upgrade core Python dependencies to improve stability and compatibility, including pandas 3.0 and sqlglot 29. Also fixes BigQuery to_dataframe pagination via library update.

• Dependencies

  • pandas: 2.3.3 → 3.0.1
  • sqlglot: 28.10.1 → 29.0.1 (pyproject upper bound updated to <30)
  • google-cloud-bigquery-storage: 2.36.1 → 2.36.2 (fixes missing first page in to_dataframe)
  • python-dotenv: 1.2.1 → 1.2.2 (updated symlink handling)
  • rich: 14.3.2 → 14.3.3 (fix infinite loop in split_graphemes)
  • filelock: 3.24.2 → 3.25.0 (adds AsyncReadWriteLock)
  • ruff: 0.15.1 → 0.15.4 (bug fix release)

• Migration

  • Ensure runtime uses Python 3.11+ for pandas 3.0.
  • Review pandas changes (string dtype by default, Copy-on-Write) and adjust code if needed.
  • If using dotenv set/unset with symlinks, pass follow_symlinks=True.
  • If code relies on pytz, add it explicitly; pandas no longer depends on it.

^{Written for commit 38540f9. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 2 files

Architecture diagram

sequenceDiagram
    participant App as Application Logic
    participant Env as python-dotenv
    participant FS as FileSystem / filelock
    participant BQ as BigQuery Storage API
    participant SQL as sqlglot (Translator)
    participant PD as pandas 3.0
    participant UI as rich (Terminal UI)

    Note over App,UI: System Runtime Initialization & Data Pipeline

    App->>Env: load_dotenv()
    Note right of Env: CHANGED: Symlinks not followed by default<br/>unless follow_symlinks=True

    App->>FS: acquire() / NEW: AsyncReadWriteLock
    FS-->>App: Lock granted

    App->>SQL: transpile(query, read="duckdb")
    Note right of SQL: CHANGED: Version 29.x updates<br/>DuckDB timestamp/time mappings
    SQL-->>App: Transpiled SQL string

    App->>BQ: Request Data (ReadRows)
    BQ-->>App: Streamed Arrow/Avro records

    App->>PD: CHANGED: to_dataframe()
    Note right of PD: FIXED: Google client now includes<br/>missing first page in results

    loop Data Processing
        PD->>PD: NEW: Default String Dtype
        PD->>PD: NEW: Copy-on-Write (CoW) enabled
        Note over PD: Ensures consistent behavior<br/>without SettingWithCopyWarning
        PD->>PD: NEW: Datetime resolution inference
    end

    App->>UI: print(Table/Progress)
    Note right of UI: FIXED: split_graphemes infinite loop<br/>bug resolved in v14.3.3

    App->>FS: release()
    deactivate FS
    FS-->>App: Lock released

Loading