Skip to content

build(deps): bump the python-dependencies group across 1 directory with 7 updates#13

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-dependencies-4ecbe17fa6
Open

build(deps): bump the python-dependencies group across 1 directory with 7 updates#13
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/uv/python-dependencies-4ecbe17fa6

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github Mar 2, 2026

Bumps the python-dependencies group with 7 updates in the / directory:

Package From To
obstore 0.8.2 0.9.1
polars 1.35.2 1.38.1
pydantic-settings 2.12.0 2.13.1
python-dotenv 1.2.1 1.2.2
typer 0.20.0 0.24.1
pre-commit 4.5.0 4.5.1
ruff 0.14.7 0.15.4

Updates obstore from 0.8.2 to 0.9.1

Commits

Updates polars from 1.35.2 to 1.38.1

Release notes

Sourced from polars's releases.

Python Polars 1.38.1

✨ Enhancements

  • Add get() to retrieve a byte from binary data (#26454)
  • Remove with_context in SQL lowering (#26416)

🐞 Bug fixes

  • Do not overwrite used names in cluster_with_columns pushdown (#26467)
  • Do not mark output of concat_str on multiple inputs as sorted (#26468)
  • Fix CSV schema inference content line duplication bug (#26452)
  • Fix InvalidOperationError using scan_delta with filter (#26448)
  • Alias giving missing column after streaming GroupBy CSE (#26447)
  • Ensure by_name selector selects only names (#26437)
  • Restore compatibility of strings written to parquet with pyarrow filter (#26436)
  • Update schema in cluster_with_columns optimization (#26430)
  • Fix negative slice in groups slicing (#26442)
  • Don't run CPU check on aarch64 musl (#26439)
  • Fixed annotations shadowed by class methods (#26356)
  • Remove the POLARS_IDEAL_MORSEL_SIZE monkeypatching in the parametric merge-join test (#26418)
  • Fix selector match patterns for multiline column names (#26320)

📖 Documentation

  • Add sink_delta to API reference (#26446)

🛠️ Other improvements

  • Cleanup unused attributes in optimizer (#26464)
  • Use Expr::Display as catch all for IR - DSL asymmetry (#26471)
  • Ignore pytz in mypy (#26441)
  • Remove the POLARS_IDEAL_MORSEL_SIZE monkeypatching in the parametric merge-join test (#26418)
  • Cleanup the parametric merge-join test (#26413)

Thank you to all our contributors for making this release possible! @​Voultapher, @​alexander-beedie, @​azimafroozeh, @​cmdlineluser, @​dependabot[bot], @​dsprenkels, @​hamdanal, @​kdn36, @​nameexhaustion, @​orlp, @​ritchie46 and dependabot[bot]

Python Polars 1.38.0

⚠️ Deprecations

  • Deprecate retries=n in favor of storage_options={"max_retries": n} (#26155)

🚀 Performance improvements

  • Enable zero-copy object_store put upload for IPC sink (#26288)
  • Resolve file schema's and metadata concurrently (#26325)
  • Run elementwise CSEE for the streaming engine (#26278)
  • Disable morsel splitting for fast-count on streaming engine (#26245)
  • Implement streaming decompression for scan_ndjson and scan_lines (#26200)
  • Improve string slicing performance (#26206)

... (truncated)

Commits
  • 50a3bfb Python Polars 1.38.1 (#26472)
  • 4207168 fix: Do not overwrite used names in cluster_with_columns pushdown (#26467)
  • 052e68f fix: Do not mark output of concat_str on multiple inputs as sorted (#26468)
  • 3832c8f refactor: Cleanup unused attributes in optimizer (#26464)
  • a166aef refactor: Use Expr::Display as catch all for IR - DSL asymmetry (#26471)
  • d0ca22b fix: Fix CSV schema inference content line duplication bug (#26452)
  • c4b5b1d fix: Fix InvalidOperationError using scan_delta with filter (#26448)
  • c067124 build: Bump time from 0.3.44 to 0.3.47 (#26457)
  • 35b2edf feat: Add get() to retrieve a byte from binary data (#26454)
  • 3a4528f docs(python): Add sink_delta to API reference (#26446)
  • Additional commits viewable in compare view

Updates pydantic-settings from 2.12.0 to 2.13.1

Release notes

Sourced from pydantic-settings's releases.

v2.13.0

What's Changed

New Contributors

Full Changelog: pydantic/pydantic-settings@v2.12.0...v2.13.0

Commits

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

  • The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Support for Python 3.9.

Fixed

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

New Contributors

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

  • Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

  • The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
  • Improved documentation clarity regarding override behavior and the reference page.
  • Updated PyPy support to version 3.11.
  • Documentation for FIFO file support.
  • Dropped Support for Python 3.9.

Fixed

  • Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
  • Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

  • dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

  • In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

  • dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

Updates typer from 0.20.0 to 0.24.1

Release notes

Sourced from typer's releases.

0.24.1

Internal

0.24.0

Breaking Changes

0.23.1

Fixes

  • 🐛 Fix TYPER_USE_RICH parsing to allow disabling Rich completely. PR #1539 by @​bckohan.

Docs

  • 📝 Remove documentation pages that reference using Click directly. PR #1538 by @​svlandeg.

Internal

0.23.0

Breaking Changes

  • ♻️ When printing error tracebacks with Rich, default to not showing locals, which are sometimes verbose. PR #1072 by @​tiangolo.

Docs

  • 📝 Add more explicit deprecation note in shell packages. PR #1534 by @​tiangolo.

Internal

0.22.0

... (truncated)

Changelog

Sourced from typer's changelog.

0.24.1

Internal

0.24.0

Breaking Changes

0.23.2

Features

  • ✅ Monkeypatch console width to allow running pytest directly. PR #1542 by @​SwaatiR.

Internal

0.23.1

Fixes

  • 🐛 Fix TYPER_USE_RICH parsing to allow disabling Rich completely. PR #1539 by @​bckohan.

Docs

  • 📝 Remove documentation pages that reference using Click directly. PR #1538 by @​svlandeg.

Internal

0.23.0

... (truncated)

Commits
  • eaec8fa 🔖 Release version 0.24.1
  • c73cc2b 📝 Update release notes
  • 6c6259c 👷 Fix CI, do not attempt to build typer-slim, nor typer-cli (#1569)
  • bc65ad8 📝 Update release notes
  • 3aedc0a ➖ Drop support for typer-slim and typer-cli, no more versions will be rel...
  • 4b13020 📝 Update release notes
  • 19aaf0b ⬆ Bump rich from 14.3.2 to 14.3.3 (#1565)
  • 0ece295 📝 Update release notes
  • 833c005 📝 Update release notes
  • 64c0dcb ⬆ Bump pydantic-settings from 2.13.0 to 2.13.1 (#1566)
  • Additional commits viewable in compare view

Updates pre-commit from 4.5.0 to 4.5.1

Release notes

Sourced from pre-commit's releases.

pre-commit v4.5.1

Fixes

  • Fix language: python with repo: local without additional_dependencies.
Changelog

Sourced from pre-commit's changelog.

4.5.1 - 2025-12-16

Fixes

  • Fix language: python with repo: local without additional_dependencies.
Commits
  • 8a0630c v4.5.1
  • fcbc745 Merge pull request #3597 from pre-commit/empty-setup-py
  • 51592ee fix python local template when artifact dirs are present
  • 67e8faf Merge pull request #3596 from pre-commit/pre-commit-ci-update-config
  • c251e6b [pre-commit.ci] pre-commit autoupdate
  • 98ccafa Merge pull request #3593 from pre-commit/pre-commit-ci-update-config
  • 4895355 [pre-commit.ci] pre-commit autoupdate
  • 2cedd58 Merge pull request #3588 from pre-commit/pre-commit-ci-update-config
  • 465192d [pre-commit.ci] pre-commit autoupdate
  • fd42f96 Merge pull request #3586 from pre-commit/zipapp-sha256-file-not-needed
  • Additional commits viewable in compare view

Updates ruff from 0.14.7 to 0.15.4

Release notes

Sourced from ruff's releases.

0.15.4

Release Notes

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

  • Clarify first-party import detection in Ruff (#23591)
  • Fix incorrect import-heading example (#23568)

Contributors

Install ruff 0.15.4

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.15.4/ruff-installer.ps1 | iex"

Download ruff 0.15.4

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz PPC64 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.4

Released on 2026-02-26.

This is a follow-up release to 0.15.3 that resolves a panic when the new rule PLR1712 was enabled with any rule that analyzes definitions, such as many of the ANN or D rules.

Bug fixes

  • Fix panic on access to definitions after analyzing definitions (#23588)
  • [pyflakes] Suppress false positive in F821 for names used before del in stub files (#23550)

Documentation

  • Clarify first-party import detection in Ruff (#23591)
  • Fix incorrect import-heading example (#23568)

Contributors

0.15.3

Released on 2026-02-26.

Preview features

  • Drop explicit support for .qmd file extension (#23572)

    This can now be enabled instead by setting the extension option:

    # ruff.toml
extension = { qmd = "markdown" }
pyproject.toml
[tool.ruff]
extension = { qmd = "markdown" }

  • Include configured extensions in file discovery (#23400)

  • [flake8-bandit] Allow suspicious imports in TYPE_CHECKING blocks (S401-S415) (#23441)

  • [flake8-bugbear] Allow B901 in pytest hook wrappers (#21931)

  • [flake8-import-conventions] Add missing conventions from upstream (ICN001, ICN002) (#21373)

... (truncated)

Commits
  • f14edd8 Bump 0.15.4 (#23595)
  • fd09d37 Fix panic on access to definitions after analyzing definitions (#23588)
  • 81d655f [pyflakes] suppress false positive in F821 for names used before del in...
  • 625b4f5 [ruff] docs: Clarify first-party import detection in Ruff (#23591)
  • 60facfa one word typo fix in a while_loop.md test case (#23589)
  • fbb9fa7 docs: fix incorrect import-heading example (#23568)
  • 5bc49a9 Increase the ruleset size to 16 bits (#23586)
  • a62ba8c [ty] Fix overloaded callable assignability for unary Callable targets (#23277)
  • e5f2f36 Bump 0.15.3 (#23585)
  • 0e19fc9 [ty] defer calculating conjunctions in narrowing constraints (#23552)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
build(deps): bump the python-dependencies group across 1 directory wi…
980985d 
…th 7 updates

Bumps the python-dependencies group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [obstore](https://github.com/geospatial-jeff/pyasyncio-benchmark) | `0.8.2` | `0.9.1` |
| [polars](https://github.com/pola-rs/polars) | `1.35.2` | `1.38.1` |
| [pydantic-settings](https://github.com/pydantic/pydantic-settings) | `2.12.0` | `2.13.1` |
| [python-dotenv](https://github.com/theskumar/python-dotenv) | `1.2.1` | `1.2.2` |
| [typer](https://github.com/fastapi/typer) | `0.20.0` | `0.24.1` |
| [pre-commit](https://github.com/pre-commit/pre-commit) | `4.5.0` | `4.5.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.14.7` | `0.15.4` |



Updates `obstore` from 0.8.2 to 0.9.1
- [Commits](https://github.com/geospatial-jeff/pyasyncio-benchmark/commits)

Updates `polars` from 1.35.2 to 1.38.1
- [Release notes](https://github.com/pola-rs/polars/releases)
- [Commits](pola-rs/polars@py-1.35.2...py-1.38.1)

Updates `pydantic-settings` from 2.12.0 to 2.13.1
- [Release notes](https://github.com/pydantic/pydantic-settings/releases)
- [Commits](pydantic/pydantic-settings@v2.12.0...v2.13.1)

Updates `python-dotenv` from 1.2.1 to 1.2.2
- [Release notes](https://github.com/theskumar/python-dotenv/releases)
- [Changelog](https://github.com/theskumar/python-dotenv/blob/main/CHANGELOG.md)
- [Commits](theskumar/python-dotenv@v1.2.1...v1.2.2)

Updates `typer` from 0.20.0 to 0.24.1
- [Release notes](https://github.com/fastapi/typer/releases)
- [Changelog](https://github.com/fastapi/typer/blob/master/docs/release-notes.md)
- [Commits](fastapi/typer@0.20.0...0.24.1)

Updates `pre-commit` from 4.5.0 to 4.5.1
- [Release notes](https://github.com/pre-commit/pre-commit/releases)
- [Changelog](https://github.com/pre-commit/pre-commit/blob/main/CHANGELOG.md)
- [Commits](pre-commit/pre-commit@v4.5.0...v4.5.1)

Updates `ruff` from 0.14.7 to 0.15.4
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.14.7...0.15.4)

---
updated-dependencies:
- dependency-name: obstore
  dependency-version: 0.9.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: polars
  dependency-version: 1.38.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pydantic-settings
  dependency-version: 2.13.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: python-dotenv
  dependency-version: 1.2.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: typer
  dependency-version: 0.24.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
- dependency-name: pre-commit
  dependency-version: 4.5.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-dependencies
- dependency-name: ruff
  dependency-version: 0.15.4
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 2, 2026
@github-actions
Copy link
Copy Markdown

github-actions Bot commented Mar 2, 2026

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 7 package(s) with unknown licenses.
See the Details below.

License Issues

uv.lock

PackageVersionLicenseIssue Type
obstore0.9.1NullUnknown License
polars1.38.1NullUnknown License
polars-runtime-321.38.1NullUnknown License
pydantic-settings2.13.1NullUnknown License
python-dotenv1.2.2NullUnknown License
ruff0.15.4NullUnknown License
typer0.24.1NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/annotated-doc 0.0.4 UnknownUnknown
pip/obstore 0.9.1 UnknownUnknown
pip/polars 1.38.1 UnknownUnknown
pip/polars-runtime-32 1.38.1 UnknownUnknown
pip/pre-commit 4.5.1 🟢 4.5
Details
CheckScoreReason
Maintained🟢 109 commit(s) and 27 issue activity found in the last 90 days -- score normalized to 10
Dangerous-Workflow🟢 10no dangerous workflow patterns detected
Code-Review⚠️ 0Found 1/12 approved changesets -- score normalized to 0
Packaging⚠️ -1packaging workflow not detected
Token-Permissions⚠️ 0detected GitHub workflow tokens with excessive permissions
Binary-Artifacts🟢 10no binaries found in the repo
CII-Best-Practices⚠️ 0no effort to earn an OpenSSF best practices badge detected
License🟢 10license file detected
Fuzzing⚠️ 0project is not fuzzed
Pinned-Dependencies⚠️ 0dependency not pinned by hash detected -- score normalized to 0
Signed-Releases⚠️ 0Project has not signed or included provenance with any releases.
Security-Policy🟢 10security policy file detected
Branch-Protection⚠️ -1internal error: error during branchesHandler.setup: internal error: some github tokens can't read classic branch protection rules: https://github.com/ossf/scorecard-action/blob/main/docs/authentication/fine-grained-auth-token.md
SAST⚠️ 0SAST tool is not run on all commits -- score normalized to 0
pip/pydantic-settings 2.13.1 UnknownUnknown
pip/python-dotenv 1.2.2 UnknownUnknown
pip/ruff 0.15.4 UnknownUnknown
pip/typer 0.24.1 UnknownUnknown

Scanned Files

  • uv.lock

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants