chore(deps): bump the python-deps group with 5 updates

[dependabot]

Updates the requirements on statsmodels, pandas, streamlit, matplotlib and ruff to permit the latest version.
Updates statsmodels to 0.14.6

Release notes

Sourced from statsmodels's releases.

Release 0.14.6

This patch release fixes an issue with pandas 3.0.0 that prevented statsmodels from importing. It also addresses some minor changes that improve future compatibility in NumPy.

Commits

• 40e6a84 Merge pull request #9701 from bashtage/doc-0.14.6-changes
• 120ad27 DOC: Release note for 0.14.6
• e8b0ab0 Merge pull request #9700 from bashtage/final-0.14.6-changes
• 8ad398a MAINT: Improve compatability wiht recent NumPy
• 9495808 Merge pull request #9633 from bashtage/changes-0-14-6
• b44854a STY: Fix linting fails
• e7b2fa5 MAINT: Update for recent changes
• 1107ea5 Merge pull request #9591 from bashtage/rls-0-14-5-notes
• f3b362a MAINT: Update CI
• e2249ab DOC: Final fixes
• Additional commits viewable in compare view

Updates pandas to 3.0.3

Release notes

Sourced from pandas's releases.

pandas 3.0.3

We are pleased to announce the release of pandas 3.0.3. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

• 72f2fea RLS: 3.0.3 (#65590)
• 2897590 Backport PR #65436 on branch 3.0.x (Account for privatization of matplotlib `...
• 49894b5 Backport PR #65499 on branch 3.0.x (BUG: fix check if pyarrow is installed in...
• 1c6d1e3 [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...
• 2a54711 Backport PR #64379 on branch 3.0.x (PERF: improve performance with ZoneInfo t...
• 036bb7c Backport PR #65482 on branch 3.0.x (PERF: don't call unique on dtypes for che...
• bf4c182 Backport PR #65410 on branch 3.0.x (TST: also convert str index to object in ...
• dd02d75 [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (#6547...
• aef3d0f [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...
• bb8e248 Backport PR #65399 on branch 3.0.x (DOC: fix source link for classes in the r...
• Additional commits viewable in compare view

Updates streamlit to 1.58.0

Release notes

Sourced from streamlit's releases.

1.58.0

What's Changed

Breaking Changes 🛠

• [chore] Remove deprecated add_rows feature by @​lukasmasuch in streamlit/streamlit#15034
• [chore] Remove langchain callback handler integration by @​lukasmasuch in streamlit/streamlit#15051

New Features 🎉

• [feature] Add custom script error handling via st.App by @​lukasmasuch in streamlit/streamlit#14972
• [feature] Add st.pagination widget by @​lukasmasuch in streamlit/streamlit#14975
• [feat] Add type parameter to st.expander and st.status for compact style by @​lukasmasuch in streamlit/streamlit#14054
• [feature][ParallelFragments] Add parallel=True dispatch to @​st.fragment by @​sfc-gh-lwilby-1 in streamlit/streamlit#15214
• [feature] Add API restrictions for parallel fragments by @​sfc-gh-lwilby-1 in streamlit/streamlit#15251
• [feature] Add streamlit skills CLI command by @​lukasmasuch in streamlit/streamlit#15116

Bug Fixes 🐛

• [fix] Selectbox first item hidden when 7 options selected by @​kmcgrady in streamlit/streamlit#14997
• [fix] Defer sys.modules eviction to script-run boundary (#14593) by @​sfc-gh-lwilby in streamlit/streamlit#14826
• [fix] OAuth MismatchingStateError regression in 1.57.0 by @​lukasmasuch in streamlit/streamlit#15048
• [fix] Programmatically closed popovers/expanders reopening on interaction with another by @​kmcgrady in streamlit/streamlit#14945
• [fix] Support symlinks in Starlette static file serving by @​lukasmasuch in streamlit/streamlit#15112
• [feature] Sync URL when session_state updates query-param-bound widgets by @​sfc-gh-lwilby in streamlit/streamlit#14744
• fix: add usedforsecurity=False to blake2b for FIPS compatibility by @​andriykislitsyn in streamlit/streamlit#15149
• fix(fragment): prevent stale auto-reruns from crashing apps by @​sfc-gh-bnisco in streamlit/streamlit#15130
• [fix] Block javascript: and vbscript: URLs in markdown links by @​lukasmasuch in streamlit/streamlit#15161
• Set Max-Age on st.login() cookies to restore 30-day persistence by @​GiovanniPaoloGibilisco in streamlit/streamlit#15194
• [fix] Fix Vega-Lite chart tooltips in dialogs by @​marawanokasha in streamlit/streamlit#15191
• [fix] Help icon for unsafe_allow_html=True in st.markdown by @​sfc-gh-bnisco in streamlit/streamlit#15232
• [fix] Discover script-level .streamlit/config.toml when st.App runs under uvicorn by @​sfc-gh-bnisco in streamlit/streamlit#15218
• [fix] Warn when st.button shortcut is browser-reserved by @​sfc-gh-bnisco in streamlit/streamlit#15217
• fix(auth): migrate provider tokens to joserfc by @​sfc-gh-bnisco in streamlit/streamlit#15178
• Fix browser Back/Forward navigation for pages with Unicode URL paths by @​lukasmasuch in streamlit/streamlit#15281
• [fix] Restore Starlette OAuth PKCE behavior by @​lukasmasuch in streamlit/streamlit#15282
• [fix] Disable Select all in multiselect for >=1000 options by @​lukasmasuch in streamlit/streamlit#15301
• Fix accidental overscrolling in table, dataframe, and data_editor by @​kantuni in streamlit/streamlit#15309

Other Changes

• [chore] Update emojis/material icons by @​github-actions[bot] in streamlit/streamlit#14948
• [chore] Release v1.57.0 by @​github-actions[bot] in streamlit/streamlit#14962
• [fix] Reduce external IP fetch timeout to avoid startup freeze by @​lukasmasuch in streamlit/streamlit#14984
• Adjust widget/icon sizing - Part 1 by @​mayagbarnes in streamlit/streamlit#15056
• [chore] Update emojis/material icons by @​github-actions[bot] in streamlit/streamlit#15134
• Adjust widget/icon sizing - Part 2 by @​mayagbarnes in streamlit/streamlit#15098
• [chore] Update emojis/material icons by @​github-actions[bot] in streamlit/streamlit#15236

New Contributors

• @​simjega made their first contribution in streamlit/streamlit#14927
• @​andriykislitsyn made their first contribution in streamlit/streamlit#15149
• @​GiovanniPaoloGibilisco made their first contribution in streamlit/streamlit#15194
• @​marawanokasha made their first contribution in streamlit/streamlit#15191

Full Changelog: streamlit/streamlit@1.57.0...1.58.0

Commits

• 209ad55 Up version to 1.58.0
• f60c315 [feature] Add streamlit skills CLI command (#15116)
• 8f1a3b5 Fix accidental overscrolling in table, dataframe, and data_editor (#15309)
• 1d00f55 [fix] Disable Select all in multiselect for >=1000 options (#15301)
• 5459f5f [feature] Add API restrictions for parallel fragments (#15251)
• 8f36596 fix(build): fix make all-dev and make protobuf on non-Debian Linux (#15298)
• 163001d [feature][ParallelFragments] Add parallel=True dispatch to @​st.fragment (#15214)
• 08868a8 [fix] Restore Starlette OAuth PKCE behavior (#15282)
• 7165804 Fix browser Back/Forward navigation for pages with Unicode URL paths (#15281)
• 40c3400 [chore] Remove obsolete @​protobufjs/inquire patch (#15296)
• Additional commits viewable in compare view

Updates matplotlib to 3.10.9

Release notes

Sourced from matplotlib's releases.

v3.10.9

This is a micro release of the v3.10.x series. Highlights of this release include:

• Various minor bug and doc fixes
• Security hardening validation of cyclers - Removing eval usage
• Security hardening in Latex and PS calls - Removing shell escapes

Commits

• dd8d78b REL: v3.10.9
• 2fb1891 REL: Release prep v3.10.9
• d0e923a Merge branch 'v3.10.8-doc' into v3.10.x
• 1637932 Merge pull request #31558 from meeseeksmachine/auto-backport-of-pr-31556-on-v...
• a83faac Backport PR #31556: FIX: Inverted PyErr_Occurred check in enum type caster (_...
• a4f57ab Merge pull request #31545 from ksunden/backport-of-pr-31282-on-v3.10.x
• 063288d Merge pull request #31544 from ksunden/backport-of-pr-31248-on-v3.10.x
• b2ed196 Backport PR #31248: SEC: Remove eval() from validate_cycler
• acc6024 Merge pull request #31282 from scottshambaugh/tex_no_shell
• e3fb541 Merge pull request #31078 from meeseeksmachine/auto-backport-of-pr-31075-on-v...
• Additional commits viewable in compare view

Updates ruff to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

0.15.15

... (truncated)

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

[Colinho22]

Ignoring version bumps as viz is still in development. Closing & deleting.