Bump the pip group across 1 directory with 4 updates

[dependabot]

Bumps the pip group with 4 updates in the / directory: google-cloud-storage, pandas, requests and python-dotenv.

Updates google-cloud-storage from 3.6.0 to 3.10.1

Release notes

Sourced from google-cloud-storage's releases.

google-cloud-storage: v3.10.1

3.10.1 (2026-03-23)

Bug Fixes

• raise ValueError if api_endpoint is unset when using AnonymousCredentials in AsyncGrpcClient. (#1778) (17828ea3)

google-cloud-storage: v3.10.0

3.10.0 (2026-03-18)

Features

• [Bucket Encryption Enforcement] add support for bucket encryption enforcement config (#1742) (2a6e8b00e4e6ff57460373f8e628fd363be47811)

Perf Improvments

• [Rapid Buckets Reads] Use raw proto access for read resumption strategy (#1764) (14cfd61ce35365a409650981239ef742cdf375fb)
• [Rapid Buckets Benchmarks] init mp pool & grpc client once, use os.sched_setaffinity (#1751) (a9eb82c1b9b3c6ae5717d47b76284ed0deb5f769)
• [Rapid Buckets Writes] don't flush at every append, results in bad perf (#1746) (ab62d728ac7d7be3c4fe9a99d72e35ead310805a)

Bug Fixes

• [Windows] skip downloading blobs whose name contain ":" eg: C: D: etc when application runs in Windows. (#1774) (558198823ed51918db9c0137715d1e7f5b593975)
• [Path Traversal] Prevent path traversal in download_many_to_path (#1768) (700fec3bf7aa37bd5ea4b163cc3f9e8e6892bd5a)
• [Rapid Buckets] pass token correctly, '&' instead of ',' (#1756) (d8dd1e074d2431de9b45e0103181dce749a447a0)

google-cloud-storage 3.9.0

3.9.0 (2026-02-02)

Features

• update generation for MRD (#1730) (08bc7082)

• add get_object method for async grpc client (#1735) (0e5ec29b)

• Add micro-benchmarks for reads comparing standard (regional) vs rapid (zonal) buckets. (#1697) (1917649f)

• Add support for opening via write_handle and fix write_handle type (#1715) (2bc15fa5)

• add samples for appendable objects writes and reads (2e1a1eb5)

• add samples for appendable objects writes and reads (#1705) (2e1a1eb5)

• add context manager to mrd (#1724) (5ac2808a)

• Move Zonal Buckets features of _experimental (#1728) (74c9ecc5)

• add default user agent for grpc (#1726) (7b319469)

... (truncated)

Changelog

Sourced from google-cloud-storage's changelog.

3.10.1 (2026-03-23)

Bug Fixes

• raise ValueError if api_endpoint is unset when using AnonymousCredentials in AsyncGrpcClient. (#1778) (17828ea316872938a98a6360b10a2495c54bbbcb)

3.10.0 (2026-03-18)

Features

• [Bucket Encryption Enforcement] add support for bucket encryption enforcement config (#1742) (2a6e8b00e4e6ff57460373f8e628fd363be47811)

Perf Improvments

• [Rapid Buckets Reads] Use raw proto access for read resumption strategy (#1764) (14cfd61ce35365a409650981239ef742cdf375fb)
• [Rapid Buckets Benchmarks] init mp pool & grpc client once, use os.sched_setaffinity (#1751) (a9eb82c1b9b3c6ae5717d47b76284ed0deb5f769)
• [Rapid Buckets Writes] don't flush at every append, results in bad perf (#1746) (ab62d728ac7d7be3c4fe9a99d72e35ead310805a)

Bug Fixes

• [Windows] skip downloading blobs whose name contain ":" eg: C: D: etc when application runs in Windows. (#1774) (558198823ed51918db9c0137715d1e7f5b593975)
• [Path Traversal] Prevent path traversal in download_many_to_path (#1768) (700fec3bf7aa37bd5ea4b163cc3f9e8e6892bd5a)
• [Rapid Buckets] pass token correctly, '&' instead of ',' (#1756) (d8dd1e074d2431de9b45e0103181dce749a447a0)

3.9.0 (2026-02-02)

Features

• add get_object method for async grpc client (#1735) (0e5ec29bc6a31b77bcfba4254cef5bffb199095c)
• expose DELETE_OBJECT in AsyncGrpcClient (#1718) (c8dd7a0b124c395b7b60189ee78f47aba8d51f7d)
• update generation for MRD (#1730) (08bc7082db7392f13bc8c51511b4afa9c7b157c9)
• Move Zonal Buckets features of _experimental (#1728) (74c9ecc54173420bfcd48498a8956088a035af50)
• add default user agent for grpc (#1726) (7b319469d2e495ea0bf7367f3949190e8f5d9fff)
• expose finalized_time in blob.py applicable for GET_OBJECT in ZB (#1719) (8e21a7fe54d0a043f31937671003630a1985a5d2)
• add context manager to mrd (#1724) (5ac2808a69195c688ed42c3604d4bfadbb602a66)
• integrate writes strategy and appendable object writer (#1695) (dbd162b3583e32e6f705a51f5c3fef333a9b89d0)
• Add support for opening via write_handle and fix write_handle type (#1715) (2bc15fa570683ba584230c51b439d189dbdcd580)
• Add micro-benchmarks for writes comparing standard (regional) vs rapid (zonal) buckets. (#1707) (dbe9d8b89d975dfbed8c830a5687ccfafea51d5f)
• Add micro-benchmarks for reads comparing standard (regional) vs rapid (zonal) buckets. (#1697) (1917649fac41481da1adea6c2a9f4ab1298a34c4)
• send user_agent to grpc channel (#1712) (cdb2486bb051dcbfbffc2510aff6aacede5e54d3)
• add samples for appendable objects writes and reads (#1705) (2e1a1eb5cbe1c909f1f892a0cc74fe63c8ef36ff)
• add samples for appendable objects writes and reads (2e1a1eb5cbe1c909f1f892a0cc74fe63c8ef36ff)
• add support for generation=0 to avoid overwriting existing objects and add is_stream_open support (#1709) (ea0f5bf8316f4bfcff2728d9d1baa68dde6ebdae)
• add support for generation=0 to prevent overwriting existing objects (ea0f5bf8316f4bfcff2728d9d1baa68dde6ebdae)
• add is_stream_open property to AsyncAppendableObjectWriter for stream status check (ea0f5bf8316f4bfcff2728d9d1baa68dde6ebdae)

... (truncated)

Commits

• fce6a6b chore: librarian release pull request: 20260323T070628Z (#1782)
• f768af7 chore: run bidi_tests independently (#1781)
• 17828ea fix: raise ValueError if api_endpoint is unset when using AnonymousCredential...
• 8b7fbde chore: librarian release pull request: 20260318T145147Z (#1776)
• 21bb20f feat(samples): add argparse and clarify traversal support in download_many sn...
• 5581988 fix(storage): skip downloading blobs whose name contain ":" eg: C: D: ...
• c5735c3 feat(storage): support returning skipped items as UserWarning in download_man...
• 14cfd61 feat(storage): Use raw proto access for read resumption strategy (#1764)
• 2a6e8b0 feat: add support for bucket encryption enforcement config (#1742)
• 141f7ac chore: skip hmac tests until b/493225655 is fixed (#1771)
• Additional commits viewable in compare view

Updates pandas from 2.3.3 to 3.0.3

Release notes

Sourced from pandas's releases.

pandas 3.0.3

We are pleased to announce the release of pandas 3.0.3. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.2

We are pleased to announce the release of pandas 3.0.2. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.1

We are pleased to announce the release of pandas 3.0.1. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

... (truncated)

Commits

• 72f2fea RLS: 3.0.3 (#65590)
• 2897590 Backport PR #65436 on branch 3.0.x (Account for privatization of matplotlib `...
• 49894b5 Backport PR #65499 on branch 3.0.x (BUG: fix check if pyarrow is installed in...
• 1c6d1e3 [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...
• 2a54711 Backport PR #64379 on branch 3.0.x (PERF: improve performance with ZoneInfo t...
• 036bb7c Backport PR #65482 on branch 3.0.x (PERF: don't call unique on dtypes for che...
• bf4c182 Backport PR #65410 on branch 3.0.x (TST: also convert str index to object in ...
• dd02d75 [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (#6547...
• aef3d0f [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...
• bb8e248 Backport PR #65399 on branch 3.0.x (DOC: fix source link for classes in the r...
• Additional commits viewable in compare view

Updates requests from 2.32.3 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

• @​k223kim made their first contribution in psf/requests#7433

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

... (truncated)

Commits

• 6e83187 v2.34.2
• 84d10f0 Move Request.headers back to Mapping (#7441)
• b7b549b v2.34.1
• e511bc7 Fix mutability issues with headers input types (#7431)
• 5691f59 Update JsonType containers to read-based collections (#7436)
• 2144213 Constrain Response.reason to str (#7437)
• 6404f34 Fix prepare_body stream detection for __getattr__-based file wrappers (#7...
• 0b401c7 v2.34.0
• 86b378d Align Session.get parameters with requests.get (#7429)
• a4f9a59 Port bpo-39057 to Requests (#7427)
• Additional commits viewable in compare view

Updates python-dotenv from 1.0.0 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

v1.2.1

What's Changed

... (truncated)

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

[1.2.1] - 2025-10-26

• Move more config to pyproject.toml, removed setup.cfg
• Add support for reading .env from FIFOs (Unix) by [@​sidharth-sudhir] in #586

[1.2.0] - 2025-10-26

• Upgrade build system to use PEP 517 & PEP 518 to use build and pyproject.toml by [@​EpicWink] in #583
• Add support for Python 3.14 by [@​23f3001135] in #579
• Add support for disabling of load_dotenv() using PYTHON_DOTENV_DISABLED env var. by [@​matthewfranglen] in #569

[1.1.1] - 2025-06-24

Fixed

• CLI: Ensure find_dotenv work reliably on python 3.13 by [@​theskumar] in #563

... (truncated)

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view