Skip to content

Bump the python-packages group with 8 updates#43

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-packages-4bf78f322e
Open

Bump the python-packages group with 8 updates#43
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-packages-4bf78f322e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 1, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-packages group with 8 updates:

Package From To
duckdb 1.5.3 1.5.4
jupyterlab 4.5.7 4.6.0
jupytext 1.19.3 1.19.4
lancedb 0.30.2 0.33.0
matplotlib 3.10.9 3.11.0
ome-arrow 0.0.10 0.0.11
ome-iris 0.0.4 0.0.5
vortex-data 0.73.0 0.75.0

Updates duckdb from 1.5.3 to 1.5.4

Release notes

Sourced from duckdb's releases.

v1.5.4 Bugfix Release

See DuckDB's changelog for all changes in DuckDB.

What's Changed in DuckDB-Python

Commits
  • 305369d Pin duckdb at release hash 08e34c447b
  • 6ac2daa Unify arrow exports across all query result types (#495)
  • 3211977 force windows 2022 runners
  • c8c35eb Get the arrow schema in a separate transaction for materialized data only
  • 7ddc75f run schema fetching in same transaction as arrow data conversion and only once
  • 5fd7f69 strip comments
  • 426f6cc Pull materialized CDCs through the engine again for arrow conversion with a l...
  • b936678 Accept pathlib.Path, os.PathLike, bytes, and file-like objects in read_parque...
  • b41a92c [duckdb-labs bot] Bump DuckDB submodule (#488)
  • 1e41c88 accept pathlib.Path, os.PathLike, bytes, and file-like objects in read_parque...
  • Additional commits viewable in compare view

Updates jupyterlab from 4.5.7 to 4.6.0

Release notes

Sourced from jupyterlab's releases.

v4.6.0

4.6.0

New features added

Deprecated features

Enhancements made

... (truncated)

Commits

Updates jupytext from 1.19.3 to 1.19.4

Release notes

Sourced from jupytext's releases.

Version 1.19.4

Changed

  • Jupytext's documentation is now at https://jupytext.org! (#1538)
  • We have moved Jupytext to its own Jupytext organization (#1546)
  • Updated the JupyterLab extension production dependencies (12 patch updates) (#1541)
  • We require pandoc<3.10 on the CI as pandoc converts the "3.10" string to a float, which then causes issues in Jupytext (#1545)
  • Fixed the CI so that tests also run on scheduled runs, and so that jupyterfs tests are skipped when their initialization fails (#1539)
  • In the CI, the extension is build using a dedicated build pixi environment.

Fixed

  • We now support unicode characters while dumping YAML (#1542)

Added

  • A new custom_language_magics option is available (#1491). Thanks to steovd for making the PR!

Security

  • Fixed GHSA-m22c-4q2m-m5wr: the update-playwright-snapshots workflow was triggerable by any user via an issue_comment event. It now checks that the comment author is an OWNER, MEMBER, or COLLABORATOR before running (#1535)
  • Set persist-credentials: false on all workflow checkout steps as defense-in-depth, preventing a live GITHUB_TOKEN from being left in .git/config where attacker-controlled build hooks could read it. This is strictly required only for update-playwright-snapshots (fixed above), but applies to all workflows so they remain safe if their scope is later extended.
Changelog

Sourced from jupytext's changelog.

1.19.4 (2026-06-21)

Changed

  • Jupytext's documentation is now at https://jupytext.org! (#1538)
  • We have moved Jupytext to its own Jupytext organization (#1546)
  • Updated the JupyterLab extension production dependencies (12 patch updates) (#1541)
  • We require pandoc<3.10 on the CI as pandoc converts the "3.10" string to a float, which then causes issues in Jupytext (#1545)
  • Fixed the CI so that tests also run on scheduled runs, and so that jupyterfs tests are skipped when their initialization fails (#1539)
  • In the CI, the extension is build using a dedicated build pixi environment.

Fixed

  • We now support unicode characters while dumping YAML (#1542)

Added

  • A new custom_language_magics option is available (#1491). Thanks to steovd for making the PR!

Security

  • Fixed GHSA-m22c-4q2m-m5wr: the update-playwright-snapshots workflow was triggerable by any user via an issue_comment event. It now checks that the comment author is an OWNER, MEMBER, or COLLABORATOR before running (#1535)
  • Set persist-credentials: false on all workflow checkout steps as defense-in-depth, preventing a live GITHUB_TOKEN from being left in .git/config where attacker-controlled build hooks could read it. This is strictly required only for update-playwright-snapshots (fixed above), but applies to all workflows so they remain safe if their scope is later extended.
Commits
  • 95cd281 Fix: quarto example
  • 8ef90bb Move Jupytext to a Jupytext organization
  • 7cfe21d Update the jupytext.org website (#1561)
  • 590ce61 build(deps): bump undici
  • 61e7163 Add custom_language_magics option to support user-defined language magics i...
  • 1d464eb Fix: use comment-tag to update the existing PR comment (#1560)
  • 7a65533 Fix CI: Build the extension with a dedicated pixi environment (#1558)
  • cbf24f8 docs: add changelog entries for #1539, #1540, and #1541
  • 7e433c5 ci: set persist-credentials: false on all workflow checkouts
  • 2d09640 build(deps): bump the jupytext-extension-dependencies group across 2 director...
  • Additional commits viewable in compare view

Updates lancedb from 0.30.2 to 0.33.0

Release notes

Sourced from lancedb's releases.

Python LanceDB v0.33.0

🛠 Breaking Changes

🎉 New Features

🐛 Bug Fixes

📚 Documentation

🔧 Build and CI

... (truncated)

Commits
  • c0a9a4d ci: fix pypi publish on mac/windows/arm (#3449)
  • 32c3d39 Bump version: 0.30.0-beta.2 → 0.30.0
  • 7a41f4a Bump version: 0.30.0-beta.1 → 0.30.0-beta.2
  • 28fc8f0 Bump version: 0.33.0-beta.2 → 0.33.0
  • 7677a52 Bump version: 0.33.0-beta.1 → 0.33.0-beta.2
  • b6c6455 chore: update lance dependency to v7.0.0
  • a9f49c8 fix: allow appending arrow.json data into lance.json tables (#3429)
  • a7d9f2e fix: remove primary key constraint from MemWAL bucket sharding (#3435)
  • 7dba793 fix(rerankers): inverted scores and incorrect missing-FTS penalty in LinearCo...
  • 87bd669 chore(deps): bump the rust-minor-patch group across 1 directory with 2 update...
  • Additional commits viewable in compare view

Updates matplotlib from 3.10.9 to 3.11.0

Release notes

Sourced from matplotlib's releases.

REL: v3.11.0

The largest change within this release is a complete overhaul of text and font processing. Through the use of libraqm, HarfBuzz, SheenBidi, and an updated release of FreeType, all text should now support modern font features, enabling full internationalization in all languages. Not all features of these libraries are supported yet, but we expect this work to enable further improvements in an easier manner.

Outside of text handling, there are several improvements to 3D Axes, performance, new accessible colour sequences, flexible figure management, and more. See the release notes for more information.

REL: v3.11.0rc2

This is the second release candidate for the meso release 3.11.0.

This release candidate fixes some problems with downstream packages, removes some missed deprecations, and corrects some additional minor bugs.

REL: v3.11.0rc1

After an extended development stretch, we are pleased to announce the first release candidate of Matplotlib 3.11.0.

The largest change within this release is a complete overhaul of text and font processing. Through the use of libraqm, HarfBuzz, SheenBidi, and an updated release of FreeType, all text should now support modern font features, enabling full internationalization in all languages. Not all features of these libraries are supported yet, but we expect this work to enable further improvements in an easier manner. Due to the update to the font rendering stack, we cannot guarantee that text will be bit-for-bit perfect with previous releases, so if you are using Matplotlib for testing, it may be necessary to introduce/raise a tolerance within your tests.

Outside of text handling, there are several improvements to 3D Axes, performance, new accessible colour sequences, flexible figure management, and more. Final release notes are still being curated, but you may browse the list of new features, API changes, and all issues/pull requests on the milestone.

As a note for downstream packagers, the font libraries have only been tested against the versions bundled with the wheels. It may be possible to expand the range of requirements, or that a requirement is too broad. Please report any issues you have building against external dependencies.

Commits
  • 69c7534 REL: v3.11.0
  • b7d912b DOC: Set 3.11 as preferred stable release
  • 7c3d502 Update Security Policy for 3.11
  • 964e73d DOC: Prepare GitHub stats for 3.11 final
  • bfa2633 Bump font manager version to final release
  • d0603b2 Merge pull request #31873 from meeseeksmachine/auto-backport-of-pr-31706-on-v...
  • edf5ebc Backport PR #31706: Fix clabel manual index
  • c0e80b7 Merge pull request #31872 from meeseeksmachine/auto-backport-of-pr-31868-on-v...
  • 2a14854 Backport PR #31868: DOC: Move errorbar examples to the statistics sections
  • ea43d96 Merge pull request #31871 from meeseeksmachine/auto-backport-of-pr-31870-on-v...
  • Additional commits viewable in compare view

Updates ome-arrow from 0.0.10 to 0.0.11

Release notes

Sourced from ome-arrow's releases.

v0.0.11

Changes

Commits
  • 4d46cd3 Expose chunk encoding and compression options for TIFF and OME-Zarr ingestion...
  • 8ae3331 Bump jupyterlab from 4.5.7 to 4.5.9 (#87)
  • 481dc1e Bump ujson from 5.12.1 to 5.13.0 (#86)
  • 2de6fae Bump msgpack from 1.1.2 to 1.2.1 (#85)
  • 8ee2725 Bump jupyter-server from 2.18.0 to 2.20.0 (#83)
  • 4516425 Bump bleach from 6.2.0 to 6.4.0 (#82)
  • 6619aab Bump tornado from 6.5.6 to 6.5.7 (#81)
  • 701ee5b Bump aiohttp from 3.14.0 to 3.14.1 (#80)
  • 6cba04b Bump tornado from 6.5.5 to 6.5.6 (#79)
  • e3a6bd6 Bump aiohttp from 3.13.4 to 3.14.0 (#76)
  • Additional commits viewable in compare view

Updates ome-iris from 0.0.4 to 0.0.5

Commits

Updates vortex-data from 0.73.0 to 0.75.0

Release notes

Sourced from vortex-data's releases.

0.75.0

Changes

⚠️ Breaks

🚧 Deprecation

✨ Features

🚀 Performance

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the python-packages group with 8 updates:

| Package | From | To |
| --- | --- | --- |
| [duckdb](https://github.com/duckdb/duckdb-python) | `1.5.3` | `1.5.4` |
| [jupyterlab](https://github.com/jupyterlab/jupyterlab) | `4.5.7` | `4.6.0` |
| [jupytext](https://github.com/jupytext/jupytext) | `1.19.3` | `1.19.4` |
| [lancedb](https://github.com/lancedb/lancedb) | `0.30.2` | `0.33.0` |
| [matplotlib](https://github.com/matplotlib/matplotlib) | `3.10.9` | `3.11.0` |
| [ome-arrow](https://github.com/wayscience/ome-arrow) | `0.0.10` | `0.0.11` |
| [ome-iris](https://github.com/d33bs/OME-IRIS) | `0.0.4` | `0.0.5` |
| [vortex-data](https://github.com/spiraldb/vortex) | `0.73.0` | `0.75.0` |


Updates `duckdb` from 1.5.3 to 1.5.4
- [Release notes](https://github.com/duckdb/duckdb-python/releases)
- [Commits](duckdb/duckdb-python@v1.5.3...v1.5.4)

Updates `jupyterlab` from 4.5.7 to 4.6.0
- [Release notes](https://github.com/jupyterlab/jupyterlab/releases)
- [Changelog](https://github.com/jupyterlab/jupyterlab/blob/main/RELEASE.md)
- [Commits](https://github.com/jupyterlab/jupyterlab/compare/@jupyterlab/lsp@4.5.7...@jupyterlab/lsp@4.6.0)

Updates `jupytext` from 1.19.3 to 1.19.4
- [Release notes](https://github.com/jupytext/jupytext/releases)
- [Changelog](https://github.com/jupytext/jupytext/blob/main/CHANGELOG.md)
- [Commits](jupytext/jupytext@v1.19.3...v1.19.4)

Updates `lancedb` from 0.30.2 to 0.33.0
- [Release notes](https://github.com/lancedb/lancedb/releases)
- [Changelog](https://github.com/lancedb/lancedb/blob/main/release_process.md)
- [Commits](lancedb/lancedb@python-v0.30.2...python-v0.33.0)

Updates `matplotlib` from 3.10.9 to 3.11.0
- [Release notes](https://github.com/matplotlib/matplotlib/releases)
- [Commits](matplotlib/matplotlib@v3.10.9...v3.11.0)

Updates `ome-arrow` from 0.0.10 to 0.0.11
- [Release notes](https://github.com/wayscience/ome-arrow/releases)
- [Commits](WayScience/ome-arrow@v0.0.10...v0.0.11)

Updates `ome-iris` from 0.0.4 to 0.0.5
- [Commits](https://github.com/d33bs/OME-IRIS/commits)

Updates `vortex-data` from 0.73.0 to 0.75.0
- [Release notes](https://github.com/spiraldb/vortex/releases)
- [Commits](vortex-data/vortex@0.73.0...0.75.0)

---
updated-dependencies:
- dependency-name: duckdb
  dependency-version: 1.5.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: jupyterlab
  dependency-version: 4.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: jupytext
  dependency-version: 1.19.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: lancedb
  dependency-version: 0.33.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: matplotlib
  dependency-version: 3.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: ome-arrow
  dependency-version: 0.0.11
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: ome-iris
  dependency-version: 0.0.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: vortex-data
  dependency-version: 0.75.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Jul 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants