Skip to content

Bump the python-deps group across 1 directory with 5 updates#110

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python-deps-9f0a1deab7
Open

Bump the python-deps group across 1 directory with 5 updates#110
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python-deps-9f0a1deab7

Conversation

@dependabot
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Mar 13, 2026

Bumps the python-deps group with 5 updates in the / directory:

Package From To
numpy 2.4.2 2.4.3
onnxruntime 1.24.2 1.24.3
python-dotenv 1.2.1 1.2.2
typer 0.24.0 0.24.1
ruff 0.15.2 0.15.6

Updates numpy from 2.4.2 to 2.4.3

Release notes

Sourced from numpy's releases.

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

The NumPy 2.4.3 is a patch release that fixes bugs discovered after the 2.4.2 release. The most user visible fix may be a threading fix for OpenBLAS on ARM, closing issue #30816.

This release supports Python versions 3.11-3.14

Contributors

A total of 11 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Antareep Sarkar +
  • Charles Harris
  • Joren Hammudoglu
  • Matthieu Darbois
  • Matti Picus
  • Nathan Goldbaum
  • Peter Hawkins
  • Pieter Eendebak
  • Sebastian Berg
  • Warren Weckesser
  • stratakis +

Pull requests merged

A total of 14 pull requests were merged for this release.

  • #30759: MAINT: Prepare 2.4.x for further development
  • #30827: BUG: Fix some leaks found via LeakSanitizer (#30756)
  • #30841: MAINT: Synchronize 2.4.x submodules with main
  • #30849: TYP: matlib: missing extended precision imports
  • #30850: BUG: Fix weak hash function in np.isin(). (#30840)
  • #30921: BUG: fix infinite recursion in np.ma.flatten_structured_array...
  • #30922: BUG: Fix buffer overrun in CPU baseline validation (#30877)
  • #30923: BUG: Fix busdaycalendar's handling of a bool array weekmask....
  • #30924: BUG: Fix reference leaks and NULL pointer dereferences (#30908)
  • #30925: MAINT: fix two minor issues noticed when touching the C API setup
  • #30955: ENH: Test .kind not .char in np.testing.assert_equal (#30879)
  • #30957: BUG: fix type issues in uses if PyDataType macros
  • #30958: MAINT: Don't use vulture 2.15, it has false positives
  • #30973: MAINT: update openblas (#30961)
Commits
  • 8bcb2e7 Merge pull request #30974 from charris/prepare-2.4.3
  • 9a2b5ee REL: Prepare for the NumPy 2.4.3 release
  • a822ac2 Merge pull request #30973 from charris/backport-30961
  • 039bf54 MAINT: update openblas (#30961)
  • 254bafa Merge pull request #30955 from charris/backport-30879
  • 0cc7d38 ENH: Test .kind not .char in np.testing.assert_equal (#30879)
  • 9ee571d Merge pull request #30957 from charris/backport-30918
  • f302a16 Merge pull request #30958 from charris/backport-30938
  • d240a09 MAINT: Don't use vulture 2.15, it has false positives
  • 4fc08e9 MAINT: Don't use vulture 2.15, it has false positives
  • Additional commits viewable in compare view

Updates onnxruntime from 1.24.2 to 1.24.3

Release notes

Sourced from onnxruntime's releases.

ONNX Runtime v1.24.3

This is a patch release for ONNX Runtime 1.24, containing bug fixes, security improvements, performance enhancements, and execution provider updates.

Security Fixes

  • Core: Fixed GatherCopyData integer truncation leading to heap out-of-bounds read/write. (#27444)
  • Core: Fixed RoiAlign heap out-of-bounds read via unchecked batch_indices. (#27543)
  • Core: Prevent heap OOB from maliciously crafted Lora Adapters. (#27518)
  • Core: Fixed out-of-bounds access for Resize operation. (#27419)

Bug Fixes

  • Core: Fixed GatherND division by zero when batch dimensions mismatch. (#27090)
  • Core: Fixed validation for external data paths for models loaded from bytes. (#27430)
  • Core: Fixed SkipLayerNorm fusion incorrectly applied when gamma/beta are not 1D. (#27459)
  • Core: Fixed double-free in TRT EP custom op domain Release functions. (#27471)
  • Core: Fixed QMoE CPU Operator. (#27360)
  • Core: Fixed MatmulNBits prepacking scales. (#27412)
  • Python: Fixed refcount bug in map input conversion that caused shutdown segfault. (#27413)
  • NuGet: Fixed DllImportResolver. (#27397)
  • NuGet: Added OrtEnv.DisableDllImportResolver to prevent fatal error on resolver conflict. (#27535)

Performance Improvements

  • Core: QMoE CPU performance update (up to 4x on 4-bit). (#27364)
  • Core: Fixed O(n²) model load time for TreeEnsemble with categorical feature chains. (#27391)

Execution Provider Updates

  • NvTensorRtRtx EP:
    • Avoid repetitive creation of fp4/fp8 native-custom-op domains. (#27192)
    • Added missing override specifiers to suppress warnings. (#27288)
    • DQ→MatMulNBits fusion transformer. (#27466)
  • WebGPU:
    • Used embedded WASM module in Blob URL workers when wasmBinary is provided. (#27318)
    • Fixed usage of wasmBinary together with a blob URL for .mjs. (#27411)
    • Removed the unhelpful "Unknown CPU vendor" warning. (#27399)
    • Allows new memory info name for WebGPU. (#27475)
  • MLAS:
    • Added DynamicQGemm function pointers and ukernel interface. (#27403)
    • Fixed error where bytes is not assigned for dynamic qgemm pack b size. (#27421)
  • VitisAI EP: Removed s_kernel_registry_vitisaiep.reset() in deinitialize_vitisai_ep(). (#27295)
  • Plugin EPs: Added "library_path" metadata entry to OrtEpDevice instances for plugin and provider bridge EPs. (#27522)

Build and Infrastructure

  • Pipelines:
    • Build Windows ARM64X binaries as part of packaging pipeline. (#27316)
    • Moved JAR testing pipelines to canonical pipeline template. (#27480)
  • Python: Enabled Python 3.14 CI and upgraded dependencies. (#27401)
  • Build: Suppressed spurious Array Out of Bounds warnings produced by GCC 14.2 compiler on Linux builds. (#27454)
  • Build: Fixed -Warray-bounds build error in MLAS on clang 17+. (#27499)
  • Telemetry: Added/Updated telemetry events. (#27356)
  • Config: Increased kMaxValueLength to 8192. (#27521)

... (truncated)

Commits

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

  • The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Support for Python 3.9.

Fixed

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

New Contributors

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

  • The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Dropped Support for Python 3.9.

Fixed

  • Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
  • Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

Updates typer from 0.24.0 to 0.24.1

Release notes

Sourced from typer's releases.

0.24.1

Internal

Changelog

Sourced from typer's changelog.

0.24.1

Internal

Commits
  • eaec8fa 🔖 Release version 0.24.1
  • c73cc2b 📝 Update release notes
  • 6c6259c 👷 Fix CI, do not attempt to build typer-slim, nor typer-cli (#1569)
  • bc65ad8 📝 Update release notes
  • 3aedc0a ➖ Drop support for typer-slim and typer-cli, no more versions will be rel...
  • 4b13020 📝 Update release notes
  • 19aaf0b ⬆ Bump rich from 14.3.2 to 14.3.3 (#1565)
  • 0ece295 📝 Update release notes
  • 833c005 📝 Update release notes
  • 64c0dcb ⬆ Bump pydantic-settings from 2.13.0 to 2.13.1 (#1566)
  • Additional commits viewable in compare view

Updates ruff from 0.15.2 to 0.15.6

Release notes

Sourced from ruff's releases.

0.15.6

Release Notes

Released on 2026-03-12.

Preview features

  • Add support for lazy import parsing (#23755)
  • Add support for star-unpacking of comprehensions (PEP 798) (#23788)
  • Reject semantic syntax errors for lazy imports (#23757)
  • Drop a few rules from the preview default set (#23879)
  • [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
  • [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
  • [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)
  • [flake8-tidy-imports] Add TID254 to enforce lazy imports (#23777)
  • [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#23847)
  • [isort] Retain lazy keyword when sorting imports (#23762)
  • [pyupgrade] Add from __future__ import annotations automatically (UP006) (#23260)
  • [refurb] Support newline parameter in FURB101 for Python 3.13+ (#23754)
  • [ruff] Add os-path-commonprefix (RUF071) (#23814)
  • [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)
  • [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#23765)
  • [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#23789)

Bug fixes

  • Fix --add-noqa creating unwanted leading whitespace (#23773)
  • Fix --add-noqa breaking shebangs (#23577)
  • [formatter] Fix lambda body formatting for multiline calls and subscripts (#23866)
  • [formatter] Preserve required annotation parentheses in annotated assignments (#23865)
  • [formatter] Preserve type-expression parentheses in the formatter (#23867)
  • [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23912)
  • [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#23899)
  • [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#23729)
  • [pyupgrade] Properly trigger super change in nested class (UP008) (#22677)
  • [ruff] Avoid syntax errors in RUF036 fixes (#23764)

Rule changes

  • [flake8-bandit] Flag S501 with requests.request (#23873)
  • [flake8-executable] Fix WSL detection in non-Docker containers (#22879)
  • [flake8-print] Ignore pprint calls with stream= (#23787)

Documentation

  • Update docs for Markdown code block formatting (#23871)
  • [flake8-bugbear] Fix misleading description for B904 (#23731)

Contributors

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.6

Released on 2026-03-12.

Preview features

  • Add support for lazy import parsing (#23755)
  • Add support for star-unpacking of comprehensions (PEP 798) (#23788)
  • Reject semantic syntax errors for lazy imports (#23757)
  • Drop a few rules from the preview default set (#23879)
  • [airflow] Flag Variable.get() calls outside of task execution context (AIR003) (#23584)
  • [airflow] Flag runtime-varying values in DAG/task constructor arguments (AIR304) (#23631)
  • [flake8-bugbear] Implement delattr-with-constant (B043) (#23737)
  • [flake8-tidy-imports] Add TID254 to enforce lazy imports (#23777)
  • [flake8-tidy-imports] Allow users to ban lazy imports with TID254 (#23847)
  • [isort] Retain lazy keyword when sorting imports (#23762)
  • [pyupgrade] Add from __future__ import annotations automatically (UP006) (#23260)
  • [refurb] Support newline parameter in FURB101 for Python 3.13+ (#23754)
  • [ruff] Add os-path-commonprefix (RUF071) (#23814)
  • [ruff] Add unsafe fix for os-path-commonprefix (RUF071) (#23852)
  • [ruff] Limit RUF036 to typing contexts; make it unsafe for non-typing-only (#23765)
  • [ruff] Use starred unpacking for RUF017 in Python 3.15+ (#23789)

Bug fixes

  • Fix --add-noqa creating unwanted leading whitespace (#23773)
  • Fix --add-noqa breaking shebangs (#23577)
  • [formatter] Fix lambda body formatting for multiline calls and subscripts (#23866)
  • [formatter] Preserve required annotation parentheses in annotated assignments (#23865)
  • [formatter] Preserve type-expression parentheses in the formatter (#23867)
  • [flake8-annotations] Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23912)
  • [pep8-naming] Check naming conventions in match pattern bindings (N806, N815, N816) (#23899)
  • [perflint] Fix comment duplication in fixes (PERF401, PERF403) (#23729)
  • [pyupgrade] Properly trigger super change in nested class (UP008) (#22677)
  • [ruff] Avoid syntax errors in RUF036 fixes (#23764)

Rule changes

  • [flake8-bandit] Flag S501 with requests.request (#23873)
  • [flake8-executable] Fix WSL detection in non-Docker containers (#22879)
  • [flake8-print] Ignore pprint calls with stream= (#23787)

Documentation

  • Update docs for Markdown code block formatting (#23871)
  • [flake8-bugbear] Fix misleading description for B904 (#23731)

Contributors

... (truncated)

Commits
  • e4c7f35 Bump 0.15.6 (#23919)
  • edfe6c1 [ty] Narrow type context during collection literal inference (#23844)
  • dd16d68 Exclude broken symlink in ecosystem check (#23921)
  • 3f94c6a Fix stack overflow in ANN401 on quoted annotations with escape sequences (#23...
  • 91fc7bd [ty] Fix false-positive diagnostics for PEP-604 union annotations on attribut...
  • 04229cf [ty] Initial test suite for PEP-728 TypedDict features (#23832)
  • 728b9d6 [pep8-naming] Check naming conventions in match pattern bindings (N806,...
  • 88d1eec [ty] Ensure a type[] type T is always considered assignable to a union th...
  • 37cdd61 Fix lambda body formatting for multiline calls and subscripts (#23866)
  • a25a4df [ty] Disambiguate duplicate-looking overloaded callables in union display (#2...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-deps group across 1 directory with 5 updates
71fd6f7 
Bumps the python-deps group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [numpy](https://github.com/numpy/numpy) | `2.4.2` | `2.4.3` |
| [onnxruntime](https://github.com/microsoft/onnxruntime) | `1.24.2` | `1.24.3` |
| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |
| [typer](https://github.com/fastapi/typer) | `0.24.0` | `0.24.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.2` | `0.15.6` |



Updates `numpy` from 2.4.2 to 2.4.3
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.4.2...v2.4.3)

Updates `onnxruntime` from 1.24.2 to 1.24.3
- [Release notes](https://github.com/microsoft/onnxruntime/releases)
- [Changelog](https://github.com/microsoft/onnxruntime/blob/main/docs/ReleaseManagement.md)
- [Commits](microsoft/onnxruntime@v1.24.2...v1.24.3)

Updates `python-dotenv` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2)

Updates `typer` from 0.24.0 to 0.24.1
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.24.0...0.24.1)

Updates `ruff` from 0.15.2 to 0.15.6
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.2...0.15.6)

---
updated-dependencies:
- dependency-name: numpy
  dependency-version: 2.4.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: onnxruntime
  dependency-version: 1.24.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: typer
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-deps
- dependency-name: ruff
  dependency-version: 0.15.6
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-deps
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants