chore(deps)(deps): bump the python-versions group across 1 directory with 32 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the python-versions group with 32 updates in the / directory:

Package	From	To
huggingface-hub	1.2.2	1.16.1
jupytext	1.19.1	1.19.3
poethepoet	0.37.0	0.46.0
pyproject-fmt	2.11.1	2.21.2
pyright	1.1.407	1.1.409
pytest	9.0.1	9.0.3
pytest-cov	7.0.0	7.1.0
ruff	0.14.5	0.15.14
scipy-stubs	1.16.3.0	1.17.1.4
ipython	9.7.0	9.13.0
kaleido	1.2.0	1.3.0
matplotlib	3.10.7	3.10.9
optuna	4.7.0	4.8.0
pydata-sphinx-theme	0.16.1	0.18.0
sphinx-design	0.6.1	0.7.0
sphinx-gallery	0.19.0	0.21.0
sphinx-prompt	1.10.1	1.10.2
sphinx-autodoc-typehints	3.5.2	3.10.2
plotly	6.4.0	6.7.0
scoringrules	0.8.0	0.10.0
tqdm	4.67.1	4.67.3
joblib	1.5.2	1.5.3
numpy	2.3.5	2.4.6
pydantic	2.12.4	2.13.4
pydantic-extra-types	2.10.6	2.11.1
holidays	0.84	0.97
mlflow-skinny	3.6.0	3.12.0
pvlib	0.13.1	0.15.1
scikit-learn	1.7.2	1.8.0
scipy	1.16.3	1.17.1
xgboost	3.1.1	3.2.0
xgboost-cpu	3.1.1	3.2.0

Updates huggingface-hub from 1.2.2 to 1.16.1

Release notes

Sourced from huggingface-hub's releases.

[v1.16.1] [Hot-fix] [Inference] Remove Together ASR task to drop urllib3 dependency

• [Hot-fix] [Inference] Remove Together ASR task to drop urllib3 dependency by @​Wauplin in #4248

Full Changelog: huggingface/huggingface_hub@v1.16.0...v1.16.1

[v1.16.0] Together goes multimodal on Inference Providers, CLI improvements, and token security

⚡ Together goes multimodal on Inference Providers

Together now supports five additional task types beyond chat and text-to-image on Inference Providers:

• feature_extraction
• text_to_speech
• automatic_speech_recognition EDIT: hot-fix v1.16.1 removed this task (see huggingface/huggingface_hub#4248) to fix a dependency issue. We will add it back in a future release.
• image_to_image
• text_to_video

from huggingface_hub import InferenceClient
client = InferenceClient(provider="together")
Embeddings
embeddings = client.feature_extraction("Hello world", model="intfloat/multilingual-e5-large-instruct")
Text-to-speech
audio = client.text_to_speech("Hello world", model="hexgrad/Kokoro-82M", extra_body={'voice': 'af_heart'})
Text-to-video
video = client.text_to_video("A cat on the moon", model="Wan-AI/Wan2.2-T2V-A14B")

• [Inference] Add embeddings, TTS, ASR, image-to-image and video tasks for Together by @​nbroad1881 in #4164

📚 Documentation: Inference guide

🔗 Centralized hf:// URI parsing

All scattered ad-hoc hf:// URI parsers throughout the codebase have been consolidated onto the new parse_hf_uri/parse_hf_mount helpers. This brings consistent parsing behavior, a new is_hf_uri public helper for validating URIs, and proper handling of @ in filenames (now treated as literal). The CLI error handler now catches HfUriError and displays a clean message instead of a raw traceback.

🚨 Breaking Changes

This migration includes several breaking changes: BucketUrl.handle has been renamed to BucketUrl.uri (type changed from str to HfUri, use .to_uri() for the string form), Volume.to_hf_handle() has been renamed to Volume.to_uri(), single-segment repo IDs (e.g. gpt2) are no longer supported in HfFileSystem paths or CLI -v flags — you must use the namespace/name format instead.

• [Core] Migrate hf:// URI parsing to centralized parse_hf_uri by @​Wauplin in #4189

📚 Documentation: CLI guide | Buckets guide

🖥️ CLI

Global --no-truncate flag for CLI tables

... (truncated)

Commits

• ff0cc60 Release: v1.16.1
• a77e961 [Inference] Remove Together ASR task to drop urllib3 dependency (#4248)
• c68a383 Release: v1.16.0
• fa7fc45 Release: v1.16.0.rc0
• 06d6990 [Jobs] Add ephemeral_storage field to JobHardware (#4233)
• 2618a54 [CLI] Surface job runtime fields in ps + inspect (#4211)
• 356b712 [CI] make test_model_info_with_security for robust (#4246)
• 609e64a [CLI] Raise error when both --local-dir and --cache-dir are provided (#4245)
• b4fd28d [Download] Fix snapshot bar inflation on http_get retry (#4209)
• a117e68 [CLI] Expose linked repos in PaperInfo (#4240)
• Additional commits viewable in compare view

Updates jupytext from 1.19.1 to 1.19.3

Release notes

Sourced from jupytext's releases.

Version 1.19.3

Fixed

• The Jupytext CLI issues a warning when a notebook is not trusted. Also, trust is preserved when empty outputs are added (follow-up on #1505)

Changed

• The dependabot config has been updated to correctly bump extension packages, now allowing only production updates and ignoring dev dependencies (#1532). Thanks to Mahendra Paipuri for this PR!
• Removed deprecated stylelint packages (stylelint-config-prettier and stylelint-prettier) from the JupyterLab extension dependencies (#1530)
• We have removed Python 3.9 testing from the CI (Python 3.9 reached EOL in October 2025)

Version 1.19.2

Fixed

• Trusted notebooks remain trusted after jupytext --sync (#1505)
• We have fixed the homepage link in package.json. Thanks to Michał Krassowski for making this PR (#1494)
• Thanks to Brigitta Sipőcz for fixing a broken link in our CLI (#1428)
• The --quiet flag now suppresses the creating missing directory warning when writing to a path that includes a prefix (#1533)

Changed

• The CI workflow has been restructured to maximize parallelization. All test suites (pip, conda, UI) and the build step now run concurrently after pre-commit checks, instead of sequentially, reducing CI times (#1527)
• We have skipped the tests that involve jupyterfs on Python 3.12+ as they started failing on the CI with no obvious way to fix them (#1509)
• We have changed the configuration of Dependabot to get grouped dependency updates for our JupyterLab extension.
• We have merged a series of Dependabot security updates: #1516, #1517, #1519, #1520, #1522, #1524

Changelog

Sourced from jupytext's changelog.

1.19.3 (2026-05-17)

Fixed

• The Jupytext CLI issues a warning when a notebook is not trusted. Also, trust is preserved when empty outputs are added (follow-up on #1505)

Changed

• The dependabot config has been updated to correctly bump extension packages, now allowing only production updates and ignoring dev dependencies (#1532). Thanks to Mahendra Paipuri for this PR!
• Removed deprecated stylelint packages (stylelint-config-prettier and stylelint-prettier) from the JupyterLab extension dependencies (#1530)
• We have removed Python 3.9 testing from the CI (Python 3.9 reached EOL in October 2025)

1.19.2 (2026-05-10)

Fixed

• Trusted notebooks remain trusted after jupytext --sync (#1505)
• We have fixed the homepage link in package.json. Thanks to Michał Krassowski for making this PR (#1494)
• Thanks to Brigitta Sipőcz for fixing a broken link in our CLI (#1428)
• The --quiet flag now suppresses the creating missing directory warning when writing to a path that includes a prefix (#1533)

Changed

• The CI workflow has been restructured to maximize parallelization. All test suites (pip, conda, UI) and the build step now run concurrently after pre-commit checks, instead of sequentially, reducing CI times (#1527)
• We have skipped the tests that involve jupyterfs on Python 3.12+ as they started failing on the CI with no obvious way to fix them (#1509)
• We have changed the configuration of Dependabot to get grouped dependency updates for our JupyterLab extension.
• We have merged a series of Dependabot security updates: #1516, #1517, #1519, #1520, #1522, #1524

Commits

• 48fdfd8 Fix: Adding cells with no outputs preserves trust status (#1531)
• 4706e65 chore: Update dependabot config (#1532)
• 2ec5404 build (deps): Remove deprecated stylelint packages (#1530)
• 309f97f Version 1.19.2 (#1529)
• e4dded4 build(deps-dev): bump typescript from 5.9.3 to 6.0.3 in /jupyterlab/packages/...
• 2c262e5 Fix: --quiet also suppresses warning for directory creation (#1526)
• 0bfcec1 build(deps): bump fast-uri from 3.1.0 to 3.1.2 in /jupyterlab (#1524)
• 611e2c0 Explicitly close NotebookNotary signature store (#1528)
• 70b1f20 All tests run after coverage tests have passed (#1527)
• 399e934 Close SQLite database connections of Jupytext-created notaries
• Additional commits viewable in compare view

Updates poethepoet from 0.37.0 to 0.46.0

Release notes

Sourced from poethepoet's releases.

0.46.0

Enhancements

• Experimental Claude Code skill and bump-version task by @​nat-n in nat-n/poethepoet#387
• Use AST parser for all templating to support :- and :+ param expansion operators everywhere by @​nat-n in nat-n/poethepoet#386

Fixes

• Make uv and poetry executors check for bat files to handle shutdown quirks on windows by @​nat-n in nat-n/poethepoet#385
• Strip underscore prefix in documentation for private positional args by @​nat-n in nat-n/poethepoet#383
• Use AST for $POE_EXTRA_ARGS detection and cache parsed content by @​nat-n in nat-n/poethepoet#388

Experimental agent skill

This release ships an experimental agent skill that gives AI coding agents contextual knowledge of poe's task API when working in projects that use it. It works with any agent that supports the skills convention and aims to improve agent abilities when it comes to leveraging and authoring poe tasks.

Please try it out and provide feedback!

Two install methods:

1. Via a built in poe task (similar to how shell completions are installed):

poe _install_skill                          # auto-detects .claude/.codex/.pi/.agents and prompts
poe _install_skill ~/.claude/skills         # explicit path (substitute your agent's dir)
poe _install_skill <skills-dir> --upgrade   # non-interactive upgrade (skips if same/newer)

2. From github via npx skills

npx skills add https://github.com/nat-n/poethepoet/tree/v0.46.0/poethepoet/skills/poethepoet

Full Changelog: nat-n/poethepoet@v0.45.0...v0.46.0

0.45.0

Enhancements

• Add support for forwarding free arguments via $POE_EXTRA_ARGS by @​timrid in nat-n/poethepoet#380

Fixes

• Handle cancelled tasks correctly by @​timrid in nat-n/poethepoet#378
• Preserve quotes in :+/:- operator arguments (#333) by @​nat-n in nat-n/poethepoet#377
• Handle ctrl+c attempt on windows if running bat/cmd scripts by @​NSPC911 in nat-n/poethepoet#382

New Contributors

• @​timrid made their first contribution in nat-n/poethepoet#378

Full Changelog: nat-n/poethepoet@v0.44.0...v0.45.0

0.44.0

Enhancements

... (truncated)

Commits

• 23a4c1a feat: experimental Claude Code skill and bump-version task (#387)
• a04a215 refactor: use AST for $POE_EXTRA_ARGS detection and cache parsed content (#388)
• 61d2e34 refactor: use AST parser for all templating (#386)
• 1bfad47 fix: make uv and poetry executors check for bat files (#385)
• 35e4a1b fix: Strip underscore prefix in documentation for private positional args (#383)
• 244cf0b Bump version to 0.45.0
• 3a6c09a feat: support forwarding free arguments via $POE_EXTRA_ARGS (#380)
• a1edcda fix: preserve quotes in :+/:- operator arguments (#333) (#377)
• 3e60a85 fix: handle cancelled asyncio tasks correctly (#378)
• bbdd435 fix: handle ctrl+c attempt on windows if running bat/cmd scripts (#382)
• Additional commits viewable in compare view

Updates pyproject-fmt from 2.11.1 to 2.21.2

Release notes

Sourced from pyproject-fmt's releases.

pyproject-fmt/2.21.2

• ✨ feat(build): support free-threaded Python wheels by @​gaborbernat in #307
• 🐛 fix(common): skip empty tables in Tables::get by @​gaborbernat in #304
• Update Python dependencies by @​gaborbernat in #301
• Update Python dependencies by @​gaborbernat in #295
• Update Rust dependencies by @​gaborbernat in #296

pyproject-fmt/2.21.1

• 🐛 fix(pyproject-fmt): produce valid TOML when sorting arrays with value on bracket line by @​gaborbernat in #293
• Update Rust dependencies by @​gaborbernat in #287
• Update Python dependencies by @​gaborbernat in #286

pyproject-fmt/2.21.0

What's Changed

• ✨ feat(pyproject-fmt): add pixi support (#283)
• 🐛 fix(toml-fmt-common): skip write check in --check and --stdout modes (#278)

pyproject-fmt/2.20.0

• ✨ feat(pyproject-fmt): add bandit to recognized linters by @​gaborbernat in #276
• Update Python dependencies by @​gaborbernat in #269

pyproject-fmt/2.19.0

• ♻️ refactor(pyproject-fmt): sort type checkers after linters by @​gaborbernat in #274
• Update Rust dependencies by @​gaborbernat in #270

pyproject-fmt/2.18.1

• 🐛 fix(common): panic on non-array nodes in array ops by @​gaborbernat in #266

pyproject-fmt/2.18.0

• ✨ feat(tox-toml-fmt): add inline table key reordering by @​gaborbernat in #264

pyproject-fmt/2.17.0

• ✨ feat(common): add shared config file support by @​gaborbernat in #258
• 🐛 fix(parser): adapt to tombi v0.8.0 AST changes by @​gaborbernat in #259
• Update Python dependencies by @​gaborbernat in #257
• Update Python dependencies by @​gaborbernat in #248
• Update Python dependencies by @​gaborbernat in #247
• Update Python dependencies by @​gaborbernat in #245

pyproject-fmt/2.16.2

• ⬆️ build(deps): update Rust and Python dependencies by @​gaborbernat in #243
• Fix panic on non-valid classifiers by @​Nicolaus93 in #241
• Update Python dependencies by @​gaborbernat in #240
• Update Python dependencies by @​gaborbernat in #238
• Update Python dependencies by @​gaborbernat in #236
• Update Rust dependencies by @​gaborbernat in #235
• 🐛 fix(tox-toml-fmt): handle quoted keys with dots in env tables by @​gaborbernat in #234
• Update Python dependencies by @​gaborbernat in #232
• ✨ feat(tox-toml-fmt): add semantic formatting matching tox-ini-fmt by @​gaborbernat in #230

... (truncated)

Commits

• 76710cb Release pyproject-fmt 2.21.2 [skip ci]
• 2c2c9b6 Release tox-toml-fmt 1.9.3 [skip ci]
• af025bf ✨ feat(build): support free-threaded Python wheels (#307)
• 0fa616e build(deps): bump taiki-e/install-action from 2.75.18 to 2.75.23 in the githu...
• c8505ee [pre-commit.ci] pre-commit autoupdate (#303)
• 973d97e 🐛 fix(common): skip empty tables in Tables::get (#304)
• ebd487a Update Rust dependencies (#302)
• cce6a40 Update Python dependencies (#301)
• eecf4a0 build(deps): bump the github-actions group with 2 updates (#300)
• a498b78 build(deps): bump rustls-webpki from 0.103.12 to 0.103.13 (#298)
• Additional commits viewable in compare view

Updates pyright from 1.1.407 to 1.1.409

Commits

• d7508e5 [pyright updated to 1.1.409] Update Version (#359)
• 81b795a Pyright NPM Package update to 1.1.408 (#357)
• See full diff in compare view

Updates pytest from 9.0.1 to 9.0.3

Release notes

Sourced from pytest's releases.

9.0.3

pytest 9.0.3 (2026-04-07)

Bug fixes

• #12444: Fixed pytest.approx which now correctly takes into account ~collections.abc.Mapping keys order to compare them.

• #13634: Blocking a conftest.py file using the -p no: option is now explicitly disallowed.

  Previously this resulted in an internal assertion failure during plugin loading.

  Pytest now raises a clear UsageError explaining that conftest files are not plugins and cannot be disabled via -p.

• #13734: Fixed crash when a test raises an exceptiongroup with __tracebackhide__ = True.

• #14195: Fixed an issue where non-string messages passed to unittest.TestCase.subTest() were not printed.

• #14343: Fixed use of insecure temporary directory (CVE-2025-71176).

Improved documentation

• #13388: Clarified documentation for -p vs PYTEST_PLUGINS plugin loading and fixed an incorrect -p example.
• #13731: Clarified that capture fixtures (e.g. capsys and capfd) take precedence over the -s / --capture=no command-line options in Accessing captured output from a test function <accessing-captured-output>.
• #14088: Clarified that the default pytest_collection hook sets session.items before it calls pytest_collection_finish, not after.
• #14255: TOML integer log levels must be quoted: Updating reference documentation.

Contributor-facing changes

• #12689: The test reports are now published to Codecov from GitHub Actions. The test statistics is visible on the web interface.

  -- by aleguy02

9.0.2

pytest 9.0.2 (2025-12-06)

Bug fixes

• #13896: The terminal progress feature added in pytest 9.0.0 has been disabled by default, except on Windows, due to compatibility issues with some terminal emulators.

  You may enable it again by passing -p terminalprogress. We may enable it by default again once compatibility improves in the future.

  Additionally, when the environment variable TERM is dumb, the escape codes are no longer emitted, even if the plugin is enabled.

• #13904: Fixed the TOML type of the tmp_path_retention_count settings in the API reference from number to string.

• #13946: The private config.inicfg attribute was changed in a breaking manner in pytest 9.0.0. Due to its usage in the ecosystem, it is now restored to working order using a compatibility shim. It will be deprecated in pytest 9.1 and removed in pytest 10.

... (truncated)

Commits

• a7d58d7 Prepare release version 9.0.3
• 089d981 Merge pull request #14366 from bluetech/revert-14193-backport
• 8127eaf Revert "Fix: assertrepr_compare respects dict insertion order (#14050) (#14193)"
• 99a7e60 Merge pull request #14363 from pytest-dev/patchback/backports/9.0.x/95d8423bd...
• ddee02a Merge pull request #14343 from bluetech/cve-2025-71176-simple
• 74eac69 doc: Update training info (#14298) (#14301)
• f92dee7 Merge pull request #14267 from pytest-dev/patchback/backports/9.0.x/d6fa26c62...
• 7ee58ac Merge pull request #12378 from Pierre-Sassoulas/fix-implicit-str-concat-and-d...
• 37da870 Merge pull request #14259 from mitre88/patch-4 (#14268)
• c34bfa3 Add explanation for string context diffs (#14257) (#14266)
• Additional commits viewable in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates ruff from 0.14.5 to 0.15.14

Release notes

Sourced from ruff's releases.

0.15.14

Release Notes

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.14

Released on 2026-05-21.

Preview features

• [airflow] Implement airflow-task-implicit-multiple-outputs (AIR202) (#25152)
• [flake8-use-pathlib] Mark PTH101 fix as unsafe when first argument is a class attribute annotated as int (#25086)
• [pylint] Implement too-many-try-statements (W0717) (#23970)
• [ruff] Add incorrect-decorator-order (RUF074) (#23461)
• [ruff] Add fallible-context-manager (RUF075) (#22844)

Bug fixes

• Fix lambda formatting in interpolated string expressions (#25144)
• Treat generic frozenset annotations as immutable (#25251)
• [flake8-type-checking] Avoid strict behavior when future-annotations are enabled (TC001, TC002, TC003) (#25035)
• [pylint] Avoid false positives in else clause (PLR1733) (#25177)

Rule changes

• [flake8-comprehensions] Skip C417 for lambdas with positional-only parameters (#25272)
• [flake8-simplify] Preserve f-string source verbatim in SIM101 fix (#25061)

Performance

• Avoid unnecessary parser lookahead for operators (#25290)

Documentation

• Update code example setting Neovim LSP log level (#25284)

Other changes

• Add full PEP 798 support (#25104)
• Add a parser recursion limit (#24810)
• Update various ruff_python_stdlib APIs (#25273)

Contributors

• @​ocaballeror
• @​lerebear
• @​samuelcolvin
• @​baltasarblanco
• @​aconal-com
• @​anishgirianish
• @​JelleZijlstra
• @​AlexWaygood
• @​ntBre
• @​adityasingh2400

... (truncated)

Commits

• 9ad2da3 Bump 0.15.14 (#25295)
• c714e84 [ty] Modernize setup of union types in mdtests (#25291)
• 8a8e35e [flake8-comprehensions] Skip C417 for lambdas with positional-only parame...
• aea5ed4 Avoid unnecessary parser lookahead for operators (#25290)
• e9d72bb [ty] Allow enum member accesses on self (#25077)
• 6cbd59b Set exclude-newer = "7 days" in our PEP-723 scripts (#25285)
• 9999a39 Update code example on how to update Neovim LSP log level (#25284)
• 67d8c54 [ty] Retain recursively-defined state in binary expressions (#25277)
• 25a3191 [ty] Refine Callable class-decorator fallback for unknown results (#25250)
• c423054 Add a recursion limit to the parser (#24810)
• Additional commits viewable in compare view

Updates scipy-stubs from 1.16.3.0 to 1.17.1.4

Release notes

Sourced from scipy-stubs's releases.

v1.17.1.4

This release targets SciPy 1.17.1 and supports Python 3.11-3.14, NumPy 1.26-2.4, and optype 0.14-0.18.

🏆 Release Highlights

• 🐛 Fix approx_fprime and newton to accept functions returning n-D arrays in scipy.optimize
• ✨ Improved shape-typing support for statistical testing functions in scipy.stats and FFT shifting functions in scipy.fft
• 🔒️ Enforce zizmor to improve security in GitHub Actions and dependabot (guard against supply-chain attacks, cache poisoning, etc.).

What's Changed

✨ Improvements

• signal: stub the private _signal_api module by @​jorenham in scipy/scipy-stubs#1492
• signal: stub the private _delegators module by @​jorenham in scipy/scipy-stubs#1493
• stats: improved ks_2samp shape-typing by @​jorenham in scipy/scipy-stubs#1494
• stats: improved brunnermunzel shape-typing by @​jorenham in scipy/scipy-stubs#1497
• stats: improved f_oneway shape-typing by @​jorenham in scipy/scipy-stubs#1499
• stats: improved kruskal shape-typing by @​jorenham in scipy/scipy-stubs#1500
• stats: improved sigmaclip dtypes by @​jorenham in scipy/scipy-stubs#1501
• fftpack: improve return dtypes for real transforms by @​Deshan-5 in scipy/scipy-stubs#1509
• signal: improve lp2{lp,hp,bp,bs}[_zpk] and bilinear_zpk by @​Aniketsy in scipy/scipy-stubs#1523
• stats.dunnett: support for longdouble dtypes by @​Aniketsy in scipy/scipy-stubs#1528
• fft: fftshift and ifftshift shape-typing support by @​Aniketsy in scipy/scipy-stubs#1532

🐛 Fixes

• _lib._uarray._backend: fix wrap_single_convertor[_instance] overloads by @​jorenham in scipy/scipy-stubs#1481
• optimize: add vector-valued approx_fprime overload by @​fbourgey in scipy/scipy-stubs#1530
• fft: [i]fftshift dtype preservation for int and bool inputs by @​Aniketsy in scipy/scipy-stubs#1533
• optimize: generalize newton overloads to ND arrays by @​fbourgey in scipy/scipy-stubs#1534

↪️ Workarounds

• sparse: improve CSC and CSR array/matrix constructor compatibility with mypy by @​jorenham in scipy/scipy-stubs#1485

📝 Documentation

• add Monad to the list of downstream projects by @​jorenham in scipy/scipy-stubs#1498

🧹 Maintenance

• 🔖 prepare for further development by @​jorenham in scipy/scipy-stubs#1480
• ⬆️ Update uv-build requirement from <0.11,>=0.10.9 to >=0.10.9,<0.12 in the actions group by @​dependabot[bot] in scipy/scipy-stubs#1482
• ⬆️ ty 0.0.25 by @​jorenham in scipy/scipy-stubs#1483

... (truncated)

Commits

• ff66e8a 🔖 scipy-stubs 1.17.1.4
• 1ba8ccf Merge pull request #1546 from scipy/fix-mypy_primer-comment-workflow
• b4beb7d 💚 fix mypy_primer comment workflow
• 7494565 Merge pull request #1545 from scipy/bump-mypy-pyrefly

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

[egordm]

Superseded by #934, which refreshed uv.lock to current versions (cleared all 74 security advisories). Dependabot will track future bumps lockfile-only (#936).

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml