Bump the prod-deps group across 1 directory with 5 updates

[dependabot]

Bumps the prod-deps group with 5 updates in the / directory:

Package	From	To
google-auth	2.43.0	2.45.0
mistralai	1.6.0	1.9.11
boto3	1.42.9	1.42.10
huggingface-hub	0.34.6	1.2.3
openai	1.109.1	2.12.0

Updates google-auth from 2.43.0 to 2.45.0

Release notes

Sourced from google-auth's releases.

google-auth 2.45.0

2.45.0 (2025-12-15)

Features

• Adding Agent Identity bound token support and handling certificate mismatches with retries (#1890) (b32c934e)

google-auth 2.44.0

2.44.0 (2025-12-12)

Features

• MDS connections use mTLS (#1856) (0387bb95)

• support Python 3.14 (#1822) (0f7097e7)

• add ecdsa p-384 support (#1872) (39c381a5)

• Add shlex to correctly parse executable commands with spaces (#1855) (cf6fc3cc)

• Implement token revocation in STS client and add revoke() metho… (#1849) (d5638986)

Bug Fixes

• Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration (#1880) (78de7907)

• Delegate workload cert and key default lookup to helper function (#1877) (b0993c7e)

• Use public refresh method for source credentials in ImpersonatedCredentials (#1884) (e0c3296f)

Changelog

Sourced from google-auth's changelog.

2.45.0 (2025-12-15)

Features

• Adding Agent Identity bound token support and handling certificate mismatches with retries (#1890) (b32c934e6b0d09b94c467cd432a0a635e8b05f5c)

2.44.0 (2025-12-13)

Features

• support Python 3.14 (#1822) (0f7097e78f247665b6ef0287d482033f7be2ed6d)
• add ecdsa p-384 support (#1872) (39c381a5f6881b590025f36d333d12eff8dc60fc)
• MDS connections use mTLS (#1856) (0387bb95713653d47e846cad3a010eb55ef2db4c)
• Implement token revocation in STS client and add revoke() metho… (#1849) (d5638986ca03ee95bfffa9ad821124ed7e903e63)
• Add shlex to correctly parse executable commands with spaces (#1855) (cf6fc3cced78bc1362a7fe596c32ebc9ce03c26b)

Bug Fixes

• Use public refresh method for source credentials in ImpersonatedCredentials (#1884) (e0c3296f471747258f6d98d2d9bfde636358ecde)
• Add temporary patch to workload cert logic to accomodate Cloud Run mis-configuration (#1880) (78de7907b8bdb7b5510e3c6fa8a3f3721e2436d7)
• Delegate workload cert and key default lookup to helper function (#1877) (b0993c7edaba505d0fb0628af28760c43034c959)

Commits

• 08fabf7 chore: librarian release pull request: 20251215T132028Z (#1891)
• b32c934 feat: Adding Agent Identity bound token support and handling certificate mism...
• 262eb9e chore: librarian release pull request: 20251212T161150Z (#1888)
• 0f7097e feat: support Python 3.14 (#1822)
• e0c3296 fix(auth): Use public refresh method for source credentials in ImpersonatedCr...
• 78de790 fix(auth): Add temporary patch to workload cert logic to accomodate Cloud Run...
• 3e8a566 chore(tests): allow expired secret in system tests (#1883)
• b0993c7 fix(auth): Delegate workload cert and key default lookup to helper function (...
• 2c374d3 chore: update secret (#1879)
• 39c381a feat: add ecdsa p-384 support (#1872)
• Additional commits viewable in compare view

Updates mistralai from 1.6.0 to 1.9.11

Release notes

Sourced from mistralai's releases.

python - v1.9.11 - 2025-10-02 15:52:34

Generated by Speakeasy CLI

2025-10-02 15:52:34

Changes

Based on:

• OpenAPI Doc 1.0.0
• Speakeasy CLI 1.606.10 (2.687.13) https://github.com/speakeasy-api/speakeasy

Generated

• [python v1.9.11] .

Releases

• [PyPI v1.9.11] https://pypi.org/project/mistralai/1.9.11 - .

Publishing Completed

python - v1.9.10 - 2025-09-02 07:43:34

Generated by Speakeasy CLI

2025-09-02 07:02:26

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.568.2 (2.634.2) https://github.com/speakeasy-api/speakeasy

Generated

• [python v1.9.10] .

Releases

• [PyPI v1.9.10] https://pypi.org/project/mistralai/1.9.10 - .

Publishing Completed

python - v1.9.9 - 2025-08-26 17:40:00

Generated by Speakeasy CLI

2025-08-26 17:34:05

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.568.2 (2.634.2) https://github.com/speakeasy-api/speakeasy

Generated

• [python v1.9.9] .

Releases

• [PyPI v1.9.9] https://pypi.org/project/mistralai/1.9.9 - .

Publishing Completed

python - v1.9.8 - 2025-08-25 16:29:24

Generated by Speakeasy CLI

2025-08-25 14:54:06

Changes

... (truncated)

Changelog

Sourced from mistralai's changelog.

2024-08-07 14:25:13

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.356.0 (2.388.1) https://github.com/speakeasy-api/speakeasy

Generated

• [python v1.0.0] .

Releases

• [PyPI v1.0.0] https://pypi.org/project/mistralai/1.0.0 - .

2024-08-08 18:12:16

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.357.4 (2.390.6) https://github.com/speakeasy-api/speakeasy

Generated

• [python v1.0.1] .

Releases

• [PyPI v1.0.1] https://pypi.org/project/mistralai/1.0.1 - .

2024-08-20 08:36:28

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.376.0 (2.402.5) https://github.com/speakeasy-api/speakeasy

Generated

• [python v1.0.2] .

Releases

• [PyPI v1.0.2] https://pypi.org/project/mistralai/1.0.2 - .

2024-08-29 09:09:05

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.382.0 (2.404.11) https://github.com/speakeasy-api/speakeasy

Generated

• [python v1.0.3] .

Releases

• [PyPI v1.0.3] https://pypi.org/project/mistralai/1.0.3 - .

2024-09-13 16:21:24

Changes

Based on:

• OpenAPI Doc
• Speakeasy CLI 1.396.7 (2.415.6) https://github.com/speakeasy-api/speakeasy

Generated

• [python v1.1.0] .

Releases

... (truncated)

Commits

• 992b0cb ci: regenerated with OpenAPI Doc , Speakeasy CLI 1.606.10 (#277)
• 824187d Update Speakeasy SDKs to version 1.606.10 (#275)
• 2bdff9f Merge pull request #271 from mistralai/speakeasy-sdk-regen-1756796562
• d985faa Skip flaky remote MCP server example
• 3784b47 ci: regenerated with OpenAPI Doc , Speakeasy CLI 1.568.2
• 806e91d ci: regenerated with OpenAPI Doc , Speakeasy CLI 1.568.2 (#268)
• 049014b Fix: update base azure sdk file to include OCR (#267)
• 16d470c chore: 🐝 Update SDK - Generate MISTRALAI MISTRALAI-SDK 1.9.8 (#266)
• 9357abe Merge pull request #265 from mistralai/speakeasy-sdk-regen-1755678497
• a0c4bac ci: regenerated with OpenAPI Doc , Speakeasy CLI 1.568.2
• Additional commits viewable in compare view

Updates boto3 from 1.42.9 to 1.42.10

Commits

• 2b328a1 Merge branch 'release-1.42.10'
• 3e83ce4 Bumping version to 1.42.10
• ecb2be4 Add changelog entries from botocore
• cc0a3ca Merge branch 'release-1.42.9' into develop
• See full diff in compare view

Updates huggingface-hub from 0.34.6 to 1.2.3

Release notes

Sourced from huggingface-hub's releases.

[v1.2.3] Fix private default value in CLI

Patch release for #3618 by @​Wauplin.

When creating a new repo, we should default to private=None instead of private=False. This is already the case when using the API but not when using the CLI. This is a bug likely introduced when switching to Typer. When defaulting to None, the repo visibility will default to False except if the organization has configured repos to be "private by default" (the check happens server-side, so it shouldn't be hardcoded client-side).

Full Changelog: huggingface/huggingface_hub@v1.2.2...v1.2.3

[v1.2.2] Fix unbound local error in local folder metadata + fix hf auth list logs

• Fix unbound local error when reading corrupted metadata files by @​Wauplin in #3610
• Fix auth_list not showing HF_TOKEN message when no stored tokens exist by @​hanouticelina in #3608

Full Changelog: huggingface/huggingface_hub@v1.2.1...v1.2.2

v1.2.1: Smarter Rate Limit Handling, Daily Papers API and more QoL improvements!

🚦 Smarter Rate Limit Handling

We've improved how the huggingface_hub library handles rate limits from the Hub. When you hit a rate limit, you'll now see clear, actionable error messages telling you exactly how long to wait and how many requests you have left.

HfHubHTTPError: 429 Too Many Requests for url: https://huggingface.co/api/models/username/reponame.
Retry after 55 seconds (0/2500 requests remaining in current 300s window).

When a 429 error occurs, the SDK automatically parses the RateLimit header to extract the exact number of seconds until the rate limit resets, then waits precisely that duration before retrying. This applies to file downloads (i.e. Resolvers), uploads, and paginated Hub API calls (list_models, list_datasets, list_spaces, etc.).

More info about Hub rate limits in the docs 👉 here.

• Parse rate limit headers for better 429 error messages by @​hanouticelina in #3570
• Use rate limit headers for smarter retry in http backoff by @​hanouticelina in #3577
• Harmonize retry behavior for metadata fetch and HfFileSystem by @​hanouticelina in #3583
• Add retry for preupload endpoint by @​hanouticelina in #3588
• Use default retry values in pagination by @​hanouticelina in #3587

✨ HF API

Daily Papers endpoint: You can now programmatically access Hugging Face's daily papers feed. You can filter by week, month, or submitter, and sort by publication date or trending.

from huggingface_hub import list_daily_papers
for paper in list_daily_papers(date="2025-12-03"):
print(paper.title)
DeepSeek-V3.2: Pushing the Frontier of Open Large Language Models
ToolOrchestra: Elevating Intelligence via Efficient Model and Tool Orchestration
MultiShotMaster: A Controllable Multi-Shot Video Generation Framework
Deep Research: A Systematic Survey
MG-Nav: Dual-Scale Visual Navigation via Sparse Spatial Memory
...
</tr></table>

... (truncated)

Commits

• 90faf8b Release: v1.2.3
• e333fed [CLI] Fix private should default to None, not False (#3618)
• 222bb9d Release: v1.2.2
• 877cec0 Fix unbound local error when reading corrupted metadata files (#3610)
• 8519f0d log a message when HF_TOKEN is set in auth list (#3608)
• d0bc914 Release: v1.2.1
• 59dd9f5 Merge branch 'main' into v1.2-release
• 5ad0254 Rename utility to is_offline_mode (#3598)
• 231c4cc Release: v1.2.0
• dc6e7be Release: v1.2.0.rc0
• Additional commits viewable in compare view

Updates openai from 1.109.1 to 2.12.0

Release notes

Sourced from openai's releases.

v2.12.0

2.12.0 (2025-12-15)

Full Changelog: v2.11.0...v2.12.0

Features

• api: api update (a95c4d0)
• api: fix grader input list, add dated slugs for sora-2 (b2c389b)

v2.11.0

2.11.0 (2025-12-11)

Full Changelog: v2.10.0...v2.11.0

Features

• api: gpt 5.2 (dd9b8e8)

v2.10.0

2.10.0 (2025-12-10)

Full Changelog: v2.9.0...v2.10.0

Features

• api: make model required for the responses/compact endpoint (a12936b)

Bug Fixes

• types: allow pyright to infer TypedDict types within SequenceNotStr (8f0d230)

Chores

• add missing docstrings (f20a9a1)
• internal: update docstring (9a993f2)

v2.9.0

2.9.0 (2025-12-04)

Full Changelog: v2.8.1...v2.9.0

Features

• api: gpt-5.1-codex-max and responses/compact (22f646e)

Bug Fixes

... (truncated)

Changelog

Sourced from openai's changelog.

2.12.0 (2025-12-15)

Full Changelog: v2.11.0...v2.12.0

Features

• api: api update (a95c4d0)
• api: fix grader input list, add dated slugs for sora-2 (b2c389b)

2.11.0 (2025-12-11)

Full Changelog: v2.10.0...v2.11.0

Features

• api: gpt 5.2 (dd9b8e8)

2.10.0 (2025-12-10)

Full Changelog: v2.9.0...v2.10.0

Features

• api: make model required for the responses/compact endpoint (a12936b)

Bug Fixes

• types: allow pyright to infer TypedDict types within SequenceNotStr (8f0d230)

Chores

• add missing docstrings (f20a9a1)
• internal: update docstring (9a993f2)

2.9.0 (2025-12-04)

Full Changelog: v2.8.1...v2.9.0

Features

• api: gpt-5.1-codex-max and responses/compact (22f646e)

Bug Fixes

• client: avoid mutating user-provided response config object (#2700) (e040d22)
• ensure streams are always closed (0b1a27f)
• streaming: correct indentation (575bbac)

... (truncated)

Commits

• 9688ac0 release: 2.12.0
• 8bb16f7 feat(api): fix grader input list, add dated slugs for sora-2
• caa4a48 feat(api): api update
• 43e324e release: 2.11.0
• 752a293 feat(api): gpt 5.2
• ef00216 release: 2.10.0 (#2767)
• dc76021 release: 2.9.0
• f45b3c3 fix bad merge
• 96b9e70 manually readd
• 61841f4 fix import
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

MLCommons CLA bot All contributors have signed the MLCommons CLA ✍️ ✅

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.