Bump the runtime-dependencies group across 1 directory with 9 updates

[dependabot]

Bumps the runtime-dependencies group with 9 updates in the / directory:

Package	From	To
asteval	1.0.2	1.0.8
netcdf4	1.7.1.post1	1.7.4
numba	0.60.0	0.64.0
numpy	2.0.1	2.2.6
pydantic	2.10.0	2.12.5
ruamel-yaml	0.18.6	0.19.1
scipy	1.14.1	1.15.3
tabulate	0.9.0	0.10.0
typing-extensions	4.12.2	4.15.0

Updates asteval from 1.0.2 to 1.0.8

Release notes

Sourced from asteval's releases.

1.0.8

Fixes and improvements:

• fix bug (#146) so that return from a Procedure does not interrupt the calling code block
• remove numpy.memmap from default methods
• add discussion of numpy functions/objects that can open files
• add support and tests for lambda expressions
• add default permissions to github actions
• update README, doc, remove cruft

1.0.7

• return in while, for, and with blocks in functions properly signal an immediate exit of the function. (fixes #141)
• fix augassign to retain line numbers for exceptions properly. (#140)
• make sure that "unsafe_modules" should not be accessed even if imported and exposed by other modules
• cleanup unused nodes
• tweaks and fixes to docs
• drop testing with Python 3.9
• add testing for Python 3.14
• update pyproject.toml from the endless churn from PyPA, to move the location and formatting for the LICENSE, to continue compliance with the endless churn from PyPA.

1.0.6

• drop testing and support for Python3.8, add Python 3.13, change document to reflect this.
• implement safe_getattr and safe_format functions; fix bugs in UNSAFE_ATTRS and UNSAFE_ATTRS_DTYPES usage
• make all procedure attributes private to curb access to AST nodes, which can be exploited
• improvements to error messages, including use ast functions to construct better error messages
• remove import of numpy.linalg, as documented
• update doc description for security advisory

Special thanks to @​SteakEnthusiast for the security-related fixes

1.0.5

bugfix:

• more work on handling errors, including fixing #133 and adding more comprehensive tests for #129 and #132

1.0.4

bugfix:

• fix error handling that might result in null exception

1.0.3

bug fixes, a few feature enhancements:

• functions ("Procedures") defined within asteval have a _signature() method, now use in repr
• add support for deleting subscript
• nested symbol tables now have a Group() function
• update coverage config
• cleanups of exception handling : errors must now have an exception
• several related fixes to suppress repeated exceptions: see GH #132 and #129
• make non-boolean return values from comparison operators behave like Python - not immediately testing as bool

Commits

• abf86ad update doc
• 81ac8f4 update README, remove cruft
• 1169b51 Merge pull request #147 from lmfit/procedure_return_interrupts
• 1984dbf reset main asteval._interrupt when returning (successfully) from a called pro...
• e0a4490 add test (from @​sergproua) for calling a procedure not interrupting a loop
• bda05fd add default permissions to github actions
• 553737e add discussion of numpy functions/objects that can open files
• a572efb remove numpy.memmap from default methods
• 7de41b7 Merge pull request #144 from lmfit/with_lambda
• 2009d73 update docs for enabling lambda
• Additional commits viewable in compare view

Updates netcdf4 from 1.7.1.post1 to 1.7.4

Changelog

Sourced from netcdf4's changelog.

version 1.7.4.1 (tag v1.7.4.1rel)

• Change default encoding for stringtochar/chartostring functions from 'utf-8' to 'utf-8'/'ascii' for dtype.kind='U'/'S' (issue #1464).
• Fix DeprecationWarning for assigning to numpy.ndarray.shape for numpy >= 2.5.0 (issue #1468).
• Disable parallel support even if libs support it via DISABLE_PARALLEL_SUPPORT env var (issue #1389).

version 1.7.4 (tag v1.7.4rel)

• Make sure automatic conversion of character arrays <--> string arrays works for Unicode strings (issue #1440). (previously only worked correctly for encoding="ascii").
• Add netcdf plugins (blosc, zstd, bzip2) in wheels. Blosc plugin doesn't work in Windows wheels. Macos wheels now use conda provided libs. (PR #1450)
• Add windows/arm (PR #1453) and free-threaded python wheels (issue #1454). Windows wheels now use netcdf-c 4.9.3. WARNING: netcdf-c is not thread-safe and netcdf4-python does have internal locking so expect segfaults if you use netcdf4-python on multiple threads with free-threaded python. Users must exercise care to only call netcdf from a single thread.

version 1.7.3 (tag v1.7.3rel)

• Python 3.14 wheels (issue #1432)
• support os.PathLike arguments for Dataset.fromcdl and raise a FileNotFoundError if the cdl is missing and a FileExistsError if the nc file already exists (PR #1387)
• raise more informative error when trying to iterate or perform a membership operation on a Dataset (issue #1383)
• fix type hint for createEnumType (issue #1378)
• add python 3.13 to windows wheel builds (PR #1377)
• allow slicing of vlen and string variables with non-unitary strides (issue #1408).

version 1.7.2 (tag v1.7.2rel)

• add static type hints (PRs #1302, #1349)
• Expose nc_rc_set, nc_rc_get (via rc_set, rc_get module functions). (PR #1348)
• Add Variable.get_fill_value and allow fill_value='default' to set _FillValue attribute using default fill values. (issue #1374, PR #1375).
• Fix NETCDF3 endian error (issue #1373, PR #1355).

version 1.7.1 (tag v1.7.1rel)

• include nc_complex source code from v0.2.0 tag (instead of using submodule).
• add aarch64 wheels.

version 1.7.0 (tag v1.7.0rel)

• add support for complex numbers via auto_complex keyword to Dataset (PR #1295)
• fix for deprecated Cython DEF and IF statements using compatibility header with shims for unavailable functionality (PR #1277)
• use szip as the library name on Windows (PR #1304)
• add support for MS-MPI MPI_Message detection (PR #1305)
• fix for issue #1306 - surprising result when indexing vlen str with non-contiguous

... (truncated)

Commits

• See full diff in compare view

Updates numba from 0.60.0 to 0.64.0

Release notes

Sourced from numba's releases.

0.64.0

Major Numba release, adding NumPy 2.4 support. Please view the release notes here: https://numba.readthedocs.io/en/stable/release/0.64.0-notes.html

0.63.1

Numba patch release, view the release notes here: https://numba.readthedocs.io/en/0.63.1/release/0.63.1-notes.html

0.63.0

Major Numba release, adding Python 3.14 support. Please view the release notes here: https://numba.readthedocs.io/en/0.63.0/release/0.63.0-notes.html

0.62.1

Numba patch release, view the release notes here: https://numba.readthedocs.io/en/0.62.1/release/0.62.1-notes.html

0.62.0

Major Numba release, view the release notes here: https://numba.readthedocs.io/en/0.62.0/release/0.62.0-notes.html

Numba 0.61.2

Minor Numba release adding NumPy 2.2 support. View detailed release notes and changelog here.

Numba 0.61.0

Major Numba release adding Python 3.13 and NumPy 2.1 support. View detailed release notes and changelog here.

Commits

• fd67a63 Merge pull request #10438 from swap357/release0.64
• 17e399f add final changelog entry
• 3d59a51 update release date and version table
• b37f2d4 Merge pull request #10425 from swap357/pin_deps_release0.64
• 02f2fe7 Merge pull request #10424 from swap357/change_testing_ref_release0.64
• bb8daa2 correct minimum llvmlite version requirement to 0.46.0 on init and windows bu...
• 7dcea23 update llvmlite version pins to 0.46
• 51bff49 pin llvmlite and numpy versions
• 4745452 change origin/main to origin/release0.64 for testing
• d6d9c0f Merge pull request #10423 from swap357/changelog_0.64
• Additional commits viewable in compare view

Updates numpy from 2.0.1 to 2.2.6

Release notes

Sourced from numpy's releases.

v2.2.6 (May 17, 2025)

NumPy 2.2.6 Release Notes

NumPy 2.2.6 is a patch release that fixes bugs found after the 2.2.5 release. It is a mix of typing fixes/improvements as well as the normal bug fixes and some CI maintenance.

This release supports Python versions 3.10-3.13.

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Charles Harris
• Ilhan Polat
• Joren Hammudoglu
• Marco Gorelli +
• Matti Picus
• Nathan Goldbaum
• Peter Hawkins
• Sayed Adel

Pull requests merged

A total of 11 pull requests were merged for this release.

• #28778: MAINT: Prepare 2.2.x for further development
• #28851: BLD: Update vendor-meson to fix module_feature conflicts arguments...
• #28852: BUG: fix heap buffer overflow in np.strings.find
• #28853: TYP: fix NDArray[floating] + float return type
• #28864: BUG: fix stringdtype singleton thread safety
• #28865: MAINT: use OpenBLAS 0.3.29
• #28889: MAINT: from_dlpack thread safety fixes
• #28913: TYP: Fix non-existent CanIndex annotation in ndarray.setfield
• #28915: MAINT: Avoid dereferencing/strict aliasing warnings
• #28916: BUG: Fix missing check for PyErr_Occurred() in _pyarray_correlate.
• #28966: TYP: reject complex scalar types in ndarray.__ifloordiv__

Checksums

MD5

259343f056061f6eadb2f4b8999d06d4  numpy-2.2.6-cp310-cp310-macosx_10_9_x86_64.whl
16fa85488e149489ce7ee044d7b0d307  numpy-2.2.6-cp310-cp310-macosx_11_0_arm64.whl
f01b7aea9d2b76b1eeb49766e615d689  numpy-2.2.6-cp310-cp310-macosx_14_0_arm64.whl
f2ddc2b22517f6e31caa1372b12c2499  numpy-2.2.6-cp310-cp310-macosx_14_0_x86_64.whl
52190e22869884f0870eb3df7a283ca9  numpy-2.2.6-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
8f382b9ca6770db600edd5ea2447a925  numpy-2.2.6-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
e604aae2ef6e01fb92ecc39aca0424d9  numpy-2.2.6-cp310-cp310-musllinux_1_2_aarch64.whl

... (truncated)

Commits

• 2b686f6 Merge pull request #28980 from charris/prepare-2.2.6
• ed41828 REL: Prepare for the NumPy 2.2.6 release [wheel build]
• 83e4e7f Merge pull request #28966 from charris/backport-28958
• 248f0cb TYP: add rejection-tests for complex ndarray floordiv
• 5bad9da TYP: reject complex scalar types in ndarray.__ifloordiv__
• 6c42775 Merge pull request #28915 from charris/backport-28892
• 4277e7c Merge pull request #28916 from charris/backport-28898
• bd1c863 BUG: Fix missing check for PyErr_Occurred() in _pyarray_correlate. (#28898)
• 87d1d8a MAINT: Avoid dereferencing/strict aliasing warnings during complex casts in `...
• 9e50659 Merge pull request #28913 from charris/backport-28908
• Additional commits viewable in compare view

Updates pydantic from 2.10.0 to 2.12.5

Release notes

Sourced from pydantic's releases.

v2.12.5 2025-11-26

v2.12.5 (2025-11-26)

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

• Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
• Several updates to the documentation by @​Viicos.

Full Changelog: pydantic/pydantic@v2.12.4...v2.12.5

v2.12.4 2025-11-05

v2.12.4 (2025-11-05)

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

• Fix issue with forward references in parent TypedDict classes by @​Viicos in #12427.

  This issue is only relevant on Python 3.14 and greater.

• Exclude fields with exclude_if from JSON Schema required fields by @​Viicos in #12430

• Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @​davidhewitt in pydantic-core#1833.

  This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

• Add type inference for IP address types by @​davidhewitt in pydantic-core#1868.

  The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

• Avoid getting default values from defaultdict by @​davidhewitt in pydantic-core#1853.

  This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

• Fix issue with field serializers on nested typed dictionaries by @​davidhewitt in pydantic-core#1879.

• Add more pydantic-core builds for the three-threaded version of Python 3.14 by @​davidhewitt in pydantic-core#1864.

Full Changelog: pydantic/pydantic@v2.12.3...v2.12.4

v2.12.3 2025-10-17

v2.12.3 (2025-10-17)

What's Changed

This is the third 2.13 patch release, fixing issues related to the FieldInfo class, and reverting a change to the supported after model validator function signatures.

... (truncated)

Changelog

Sourced from pydantic's changelog.

v2.12.5 (2025-11-26)

GitHub release

This is the fifth 2.12 patch release, addressing an issue with the MISSING sentinel and providing several documentation improvements.

The next 2.13 minor release will be published in a couple weeks, and will include a new polymorphic serialization feature addressing the remaining unexpected changes to the serialize as any behavior.

• Fix pickle error when using model_construct() on a model with MISSING as a default value by @​ornariece in #12522.
• Several updates to the documentation by @​Viicos.

v2.12.4 (2025-11-05)

GitHub release

This is the fourth 2.12 patch release, fixing more regressions, and reverting a change in the build() method of the AnyUrl and Dsn types.

This patch release also fixes an issue with the serialization of IP address types, when serialize_as_any is used. The next patch release will try to address the remaining issues with serialize as any behavior by introducing a new polymorphic serialization feature, that should be used in most cases in place of serialize as any.

• Fix issue with forward references in parent TypedDict classes by @​Viicos in #12427.

  This issue is only relevant on Python 3.14 and greater.

• Exclude fields with exclude_if from JSON Schema required fields by @​Viicos in #12430

• Revert URL percent-encoding of credentials in the build() method of the AnyUrl and Dsn types by @​davidhewitt in pydantic-core#1833.

  This was initially considered as a bugfix, but caused regressions and as such was fully reverted. The next release will include an opt-in option to percent-encode components of the URL.

• Add type inference for IP address types by @​davidhewitt in pydantic-core#1868.

  The 2.12 changes to the serialize_as_any behavior made it so that IP address types could not properly serialize to JSON.

• Avoid getting default values from defaultdict by @​davidhewitt in pydantic-core#1853.

  This fixes a subtle regression in the validation behavior of the collections.defaultdict type.

• Fix issue with field serializers on nested typed dictionaries by @​davidhewitt in pydantic-core#1879.

• Add more pydantic-core builds for the three-threaded version of Python 3.14 by @​davidhewitt in pydantic-core#1864.

v2.12.3 (2025-10-17)

GitHub release

... (truncated)

Commits

• bd2d0dd Prepare release v2.12.5
• 7d0302e Document security implications when using create_model()
• e9ef980 Fix typo in Standard Library Types documentation
• f2c20c0 Add pydantic-docs dev dependency, make use of versioning blocks
• a76c1aa Update documentation about JSON Schema
• 8cbc72c Add documentation about custom __init__()
• 99eba59 Add additional test for FieldInfo.get_default()
• c710769 Special case MISSING sentinel in smart_deepcopy()
• 20a9d77 Do not delete mock validator/serializer in rebuild_dataclass()
• c86515a Update parts of the model and revalidate_instances documentation
• Additional commits viewable in compare view

Updates ruamel-yaml from 0.18.6 to 0.19.1

Updates scipy from 1.14.1 to 1.15.3

Release notes

Sourced from scipy's releases.

SciPy 1.15.3 Release Notes

SciPy 1.15.3 is a bug-fix release with no new features compared to 1.15.2.

For the complete issue and PR lists see the raw release notes.

Authors

• Name (commits)
• aiudirog (1) +
• Nickolai Belakovski (1)
• Florian Bourgey (1) +
• Richard Strong Bowen (2) +
• Jake Bowhay (1)
• Dietrich Brunn (2)
• Evgeni Burovski (1)
• Lucas Colley (1)
• Ralf Gommers (1)
• Saarthak Gupta (1) +
• Matt Haberland (4)
• Chengyu Han (1) +
• Lukas Huber (1) +
• Nick ODell (2)
• Ilhan Polat (4)
• Tyler Reddy (52)
• Neil Schemenauer (1) +
• Dan Schult (1)
• sildater (1) +
• Gagandeep Singh (4)
• Albert Steppi (2)
• Matthias Urlichs (1) +
• David Varela (1) +
• ਗਗਨਦੀਪ ਸਿੰਘ (Gagandeep Singh) (3)

A total of 24 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

SciPy 1.15.2 Release Notes

SciPy 1.15.2 is a bug-fix release with no new features compared to 1.15.1. Free-threaded Python 3.13 wheels for Linux ARM platform are available on PyPI starting with this release.

Authors

... (truncated)

Commits

• e29dcb6 REL: 1.15.3 rel commit [wheel build]
• 61e6aa1 Merge pull request #22840 from tylerjereddy/treddy_1.15.3_backports
• 18c4ca8 MAINT: PR 22840 wheel build [wheel build]
• bd0f132 MAINT: PR 22840 revisions
• 033b138 MAINT: PR 22840 revisions
• 7a283cc DOC: PR 22840 revisions
• 3d1ea40 BUG: spatial.HalfspaceIntersection: raise on non-feasible half space (#20035)
• d01b984 BUG: ndimage.median_filter: fix segfault when using mode='mirror' (#22608)
• 0879108 MAINT: special.logsumexp: fix bug when weight of largest magnitude component ...
• 9b3b2d8 Merge pull request #22869 from smurfix/main
• Additional commits viewable in compare view

Updates tabulate from 0.9.0 to 0.10.0

Changelog

Sourced from tabulate's changelog.

• 0.10.0: Add support for Python 3.11, 3.12, 3.13, 3.14. Drop support for Python 3.7, 3.8, 3.9. PRESERVE_STERILITY global is replaced with preserve_sterility function argument. New formatting options: headersglobalalign, headersalign, colglobalalign. New output format: colon_grid (Pandoc grid_tables with alignment) Various bug fixes. Improved error messages.

Commits

• 3b4cd50 update HOWTOPUBLISH
• 35ee0f6 update mini-benchmark table
• 37ac76e restore tabulate.version
• 37e1ed0 move # nowa: E931 to a different line (flake8)
• 7bacc90 run pre-commit hooks (black)
• 1b69704 Remove spurious cast in string interpolation
• 4d535af Use specific noqa directives
• 76c3d37 Remove spurious space from error message
• 13508e7 Unnecessary list call
• 69f67cd Do not call getattr with a constant value
• Additional commits viewable in compare view

Updates typing-extensions from 4.12.2 to 4.15.0

Release notes

Sourced from typing-extensions's releases.

4.15.0

No user-facing changes since 4.15.0rc1.

New features since 4.14.1:

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

4.15.0rc1

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

4.14.1

Release 4.14.1 (July 4, 2025)

• Fix usage of typing_extensions.TypedDict nested inside other types (e.g., typing.Type[typing_extensions.TypedDict]). This is not allowed by the type system but worked on older versions, so we maintain support.

4.14.0

This release adds several new features, including experimental support for inline typed dictionaries (PEP 764) and sentinels (PEP 661), and support for changes in Python 3.14. In addition, Python 3.8 is no longer supported.

Changes since 4.14.0rc1:

• Remove __or__ and __ror__ methods from typing_extensions.Sentinel on Python versions <3.10. PEP 604 was introduced in Python 3.10, and typing_extensions does not generally attempt to backport PEP-604 methods to prior versions.
• Further update typing_extensions.evaluate_forward_ref with changes in Python 3.14.

Changes included in 4.14.0rc1:

• Drop support for Python 3.8 (including PyPy-3.8). Patch by Victorien Plot.
• Do not attempt to re-export names that have been removed from typing, anticipating the removal of typing.no_type_check_decorator in Python 3.15. Patch by Jelle Zijlstra.
• Update typing_extensions.Format, typing_extensions.evaluate_forward_ref, and typing_extensions.TypedDict to align

... (truncated)

Changelog

Sourced from typing-extensions's changelog.

Release 4.15.0 (August 25, 2025)

No user-facing changes since 4.15.0rc1.

Release 4.15.0rc1 (August 18, 2025)

• Add the @typing_extensions.disjoint_base decorator, as specified in PEP 800. Patch by Jelle Zijlstra.
• Add typing_extensions.type_repr, a backport of annotationlib.type_repr, introduced in Python 3.14 (CPython PR #124551, originally by Jelle Zijlstra). Patch by Semyon Moroz.
• Fix behavior of type params in typing_extensions.evaluate_forward_ref. Backport of CPython PR #137227 by Jelle Zijlstra.

Release 4.14.1 (July 4, 2025)

• Fix usage of typing_extensions.TypedDict nested inside other types (e.g., typing.Type[typing_extensions.TypedDict]). This is not allowed by the type system but worked on older versions, so we maintain support.

Release 4.14.0 (June 2, 2025)

Changes since 4.14.0rc1:

• Remove __or__ and __ror__ methods from typing_extensions.Sentinel on Python versions <3.10. PEP 604 was introduced in Python 3.10, and typing_extensions does not generally attempt to backport PEP-604 methods to prior versions.
• Further update typing_extensions.evaluate_forward_ref with changes in Python 3.14.

Release 4.14.0rc1 (May 24, 2025)

• Drop support for Python 3.8 (including PyPy-3.8). Patch by Victorien Plot.
• Do not attempt to re-export names that have been removed from typing, anticipating the removal of typing.no_type_check_decorator in Python 3.15. Patch by Jelle Zijlstra.
• Update typing_extensions.Format, typing_extensions.evaluate_forward_ref, and typing_extensions.TypedDict to align with changes in Python 3.14. Patches by Jelle Zijlstra.
• Fix tests for Python 3.14 and 3.15. Patches by Jelle Zijlstra.

New features:

• Add support for inline typed dictionaries (PEP 764). Patch by Victorien Plot.
• Add typing_extensions.Reader and typing_extensions.Writer. Patch by Sebastian Rittau.
• Add support for sentinels (PEP 661). Patch by Victorien Plot.

... (truncated)

Commits

• 9d1637e Prepare release 4.15.0 (#658)
• 4bd67c5 Coverage: exclude some noise (#656)
• e589a26 Coverage: add detailed report to job summary (#655)
• 67d37fe Coverage: Implement fail_under (#654)
• e9ae26f Don't delete previous coverage comment (#653)
• ac80bb7 Add Coverage workflow (#623)
• abaaafd Prepare release 4.15.0rc1 (#650)
• 9810405 Add @disjoint_base (PEP 800) (#634)
• 7ee9e05 Backport type_params fix from CPython (#646)
• 1e8eb9c Do not refer to PEP 705 as being experimental (#648)
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[greptile-apps]

Greptile Summary

This is a routine Dependabot dependency bump updating 9 runtime packages to their latest versions. The pinned versions in requirements_pinned.txt (numba 0.64.0 with numpy 2.2.6) are mutually compatible.

However, there is a constraint inconsistency in pyproject.toml: the numpy upper bound was widened from <2.1 to <2.3 to accommodate numpy 2.2.6, but the numba minimum bound (>=0.55) was not updated. This creates a logical gap where a resolver could theoretically select numba 0.60.0 (satisfying >=0.55) with numpy 2.1.x or 2.2.x (satisfying <2.3), but numba 0.60.0 does not support numpy 2.1+. The numba bound should be raised to at least >=0.61.2 to ensure any resolved combination remains compatible.

All other updates (pydantic, scipy, asteval, ruamel-yaml, typing-extensions, netcdf4, tabulate) are minor/patch bumps with no breaking changes relevant to this project.

Confidence Score: 2/5

• The pinned versions in requirements_pinned.txt are compatible and CI will pass, but pyproject.toml has a constraint gap that could cause incompatible installations for end users.
• The PR introduces a logical inconsistency by widening the numpy upper bound to <2.3 while leaving the numba lower bound at >=0.55. Since numba 0.60.0 doesn't support numpy 2.1+ but the constraints allow it, a resolver could create an incompatible pair. This is a clear logic error in the dependency specification that needs to be fixed before merging.
• pyproject.toml — The numba minimum version constraint needs to be raised from >=0.55 to >=0.61.2 to match the widened numpy bounds.

Flowchart

%%{init: {'theme': 'neutral'}}%%
flowchart TD
    A["pyproject.toml<br/>numba>=0.55<br/>numpy>=1.21.2,<2.3"] --> B{"Dependency Resolution"}
    B --> C["numba 0.55–0.60<br/>numpy 2.1/2.2"]
    B --> D["numba 0.61.2+<br/>numpy 2.1/2.2"]
    C --> E["❌ Incompatible<br/>numba <0.61 does not support<br/>numpy 2.1+"]
    D --> F["✅ Compatible"]
    B --> G["requirements_pinned.txt<br/>numba==0.64.0<br/>numpy==2.2.6"]
    G --> F

Loading

_{Last reviewed commit: 32b8065}

[greptile-apps]

Numba minimum version not updated alongside numpy upper bound

The numpy upper bound was bumped from <2.1 to <2.3, allowing numpy 2.1.x and 2.2.x. However, the numba lower bound remains >=0.55, which is too old to support these numpy versions:

• Numba 0.60.0 supports numpy up to 2.0.x only
• Numba 0.61.0 added numpy 2.1.x support
• Numba 0.61.2 added numpy 2.2.x support

A resolver picking numba 0.60.0 (still valid per >=0.55) alongside numpy 2.1.x or 2.2.x (now valid per <2.3) would create an incompatible combination. Update the numba lower bound to at least >=0.61.2 to guarantee compatibility:

Suggested change

	"numba>=0.55",
	"numpy>=1.21.2,<2.1",
	"numpy>=1.21.2,<2.3",
	"numba>=0.61.2",