Bump the python-dependencies group with 10 updates

[dependabot]

Updates the requirements on rasterio, numpy, sqlalchemy, pyarrow, mkdocs, mkdocs-material, mkdocstrings, mkdocs-include-markdown-plugin, mkdocs-jupyter and setuptools to permit the latest version.
Updates rasterio to 1.4.4

Release notes

Sourced from rasterio's releases.

1.4.4

Dependencies:

• Minimum supported versions: Python 3.10+ & GDAL 3.6+ (#3440)

Enhancements:

• Support for affine 3.0 (#3299)
• Enable free threading python & support Python 3.14 (#3425)
• rasterio.warp.reproject: Add tolerance argument (#3325)

Bug fixes:

• Parsing of snuggs expressions containing "is" has been fixed (#3288).
• rasterio.features.geometry_mask: Force uint8 dtype for geometry mask (#3272)
• rasterio.fill.fillnodata: pass filloptions to _fillnodata (#3314)
• rasterio.io.BaseDataset.compression: Fix compression for YCbCr JPEG (#3426)
• rasterio.io.BufferedDatasetWriterBase: Prevent instances of BufferedDatasetWriter from finalizing twice (#3309).
• rasterio.warp.reproject: Set INIT_DEST to 0 instead of NO_DATA if it's unset (#3389)
• rasterio.warp.reproject: Support masked arrays with numpy.ma.nomask (#3306)
• CLI:rio.convert: Make sure blocksizes are integers before using them (#3390)
• CLI:rio.info: Fix use 'stats' for RasterioDeprecationWarning (#3380)
• CLI:rio.rasterize: Use context manager to ensure dataset closed (#3443)
• CLI: Remove default=False for flag_value of str type (#3392)
• CLI: Fix geojson_type click option implementation (#3391)
• CLI: Remove importlib_metatada import (#3445)
• Documentation (#3348, #3407, #3409, #3350, #3352, #3368, #3351, #3384, #3318, #3344, #3337, #3343, #3342, #3340, #3347, #3349)
• Tests (#3400, #3330, #3404, #3293, #3360, #3444, #3462, #3463)

Packaging notes:

• Wheel: GDAL 3.10.3 & PROJ 9.7.1 (#3381, #3439)

Full list of software versions

Contributors

• @​adamjstewart
• @​gcaria
• @​groutr
• @​jtsilverio
• @​nathanjmcdougall
• @​omarkhan
• @​pjonsson
• @​QuLogic
• @​schwehr
• @​scottstanie
• @​sgillies
• @​simonreise
• @​snowman2

... (truncated)

Changelog

Sourced from rasterio's changelog.

1.4.4 (2025-12-12)

Dependencies:

• Minimum supported versions: Python 3.10+ & GDAL 3.6+ (#3440)

Enhancements:

• Support for affine 3.0 (#3299)
• Enable free threading python & support Python 3.14 (#3425)
• rasterio.warp.reproject: Add tolerance argument (#3325)

Bug fixes:

• Parsing of snuggs expressions containing "is" has been fixed (#3288).
• rasterio.features.geometry_mask: Force uint8 dtype for geometry mask (#3272)
• rasterio.fill.fillnodata: pass filloptions to _fillnodata (#3314)
• rasterio.io.BaseDataset.compression: Fix compression for YCbCr JPEG (#3426)
• rasterio.io.BufferedDatasetWriterBase: Prevent instances of BufferedDatasetWriter from finalizing twice (#3309).
• rasterio.warp.reproject: Set INIT_DEST to 0 instead of NO_DATA if it's unset (#3389)
• rasterio.warp.reproject: Support masked arrays with numpy.ma.nomask (#3306)
• CLI:rio.convert: Make sure blocksizes are integers before using them (#3390)
• CLI:rio.info: Fix use 'stats' for RasterioDeprecationWarning (#3380)
• CLI:rio.rasterize: Use context manager to ensure dataset closed (#3443)
• CLI: Remove default=False for flag_value of str type (#3392)
• CLI: Fix geojson_type click option implementation (#3391)
• CLI: Remove importlib_metatada import (#3445)
• Documentation (#3348, #3407, #3409, #3350, #3352, #3368, #3351, #3384, #3318, #3344, #3337, #3343, #3342, #3340, #3347, #3349)
• Tests (#3400, #3330, #3404, #3293, #3360, #3444, #3462, #3463)

Packaging notes:

• Wheel: GDAL 3.10.3 & PROJ 9.7.1 (#3381, #3439)

Full list of software versions: https://github.com/rasterio/rasterio/blob/1.4.4/ci/config.sh#L1-L25

Full Changelog: rasterio/rasterio@1.4.3...1.4.4

1.4.3 (2024-12-02)

Bug fixes:

• Erroneous masking of 0-valued raster data by boundless, masked reads has been fixed (#3268).
• If passed a dataset object, rasterio.open() now raises TypeError instead of proceeding and crashing (#3266).

... (truncated)

Commits

• d8d81ce DOC:CHANGES: Add wheel software versions, github changelog, update tests refe...
• 9c28951 MNT: Version 1.4.4
• 0b5607a MNT: 1.4.4rc1
• fcbe16b TST:test_warped_vrt_msk_add_alpha: Use dsrec & caplog to check mask (#3462)
• 412c14e TST: Use context manager for WarpedVRT (#3463)
• 9a6a1d1 CI: Set GDAL_VERSION only in build-wheels & deploy on tag release (#3449)
• fdffb39 DEP: Remove importlib-metadata (#3448)
• 37831ad MNT: Version 1.4.4rc0
• ea2920f CI: Remove duplicate DGDAL_USE_PCRE2 config option (#3447)
• f5eb095 DOC: Update changelog
• Additional commits viewable in compare view

Updates numpy to 2.2.6

Release notes

Sourced from numpy's releases.

v2.2.6 (May 17, 2025)

NumPy 2.2.6 Release Notes

NumPy 2.2.6 is a patch release that fixes bugs found after the 2.2.5 release. It is a mix of typing fixes/improvements as well as the normal bug fixes and some CI maintenance.

This release supports Python versions 3.10-3.13.

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Charles Harris
• Ilhan Polat
• Joren Hammudoglu
• Marco Gorelli +
• Matti Picus
• Nathan Goldbaum
• Peter Hawkins
• Sayed Adel

Pull requests merged

A total of 11 pull requests were merged for this release.

• #28778: MAINT: Prepare 2.2.x for further development
• #28851: BLD: Update vendor-meson to fix module_feature conflicts arguments...
• #28852: BUG: fix heap buffer overflow in np.strings.find
• #28853: TYP: fix NDArray[floating] + float return type
• #28864: BUG: fix stringdtype singleton thread safety
• #28865: MAINT: use OpenBLAS 0.3.29
• #28889: MAINT: from_dlpack thread safety fixes
• #28913: TYP: Fix non-existent CanIndex annotation in ndarray.setfield
• #28915: MAINT: Avoid dereferencing/strict aliasing warnings
• #28916: BUG: Fix missing check for PyErr_Occurred() in _pyarray_correlate.
• #28966: TYP: reject complex scalar types in ndarray.__ifloordiv__

Checksums

MD5

259343f056061f6eadb2f4b8999d06d4  numpy-2.2.6-cp310-cp310-macosx_10_9_x86_64.whl
16fa85488e149489ce7ee044d7b0d307  numpy-2.2.6-cp310-cp310-macosx_11_0_arm64.whl
f01b7aea9d2b76b1eeb49766e615d689  numpy-2.2.6-cp310-cp310-macosx_14_0_arm64.whl
f2ddc2b22517f6e31caa1372b12c2499  numpy-2.2.6-cp310-cp310-macosx_14_0_x86_64.whl
52190e22869884f0870eb3df7a283ca9  numpy-2.2.6-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
8f382b9ca6770db600edd5ea2447a925  numpy-2.2.6-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
e604aae2ef6e01fb92ecc39aca0424d9  numpy-2.2.6-cp310-cp310-musllinux_1_2_aarch64.whl

... (truncated)

Commits

• 2b686f6 Merge pull request #28980 from charris/prepare-2.2.6
• ed41828 REL: Prepare for the NumPy 2.2.6 release [wheel build]
• 83e4e7f Merge pull request #28966 from charris/backport-28958
• 248f0cb TYP: add rejection-tests for complex ndarray floordiv
• 5bad9da TYP: reject complex scalar types in ndarray.__ifloordiv__
• 6c42775 Merge pull request #28915 from charris/backport-28892
• 4277e7c Merge pull request #28916 from charris/backport-28898
• bd1c863 BUG: Fix missing check for PyErr_Occurred() in _pyarray_correlate. (#28898)
• 87d1d8a MAINT: Avoid dereferencing/strict aliasing warnings during complex casts in `...
• 9e50659 Merge pull request #28913 from charris/backport-28908
• Additional commits viewable in compare view

Updates sqlalchemy to 2.0.49

Release notes

Sourced from sqlalchemy's releases.

2.0.49

Released: April 3, 2026

orm

• [orm] [bug] Fixed issue where _orm.Session.get() would bypass the identity map and emit unnecessary SQL when with_for_update=False was passed, rather than treating it equivalently to the default of None. Pull request courtesy of Joshua Swanson.

  References: #13176

• [orm] [bug] Fixed issue where chained _orm.joinedload() options would not be applied correctly when the final relationship in the chain is declared on a base mapper and accessed through a subclass mapper in a _orm.with_polymorphic() query. The path registry now correctly computes the natural path when a property declared on a base class is accessed through a path containing a subclass mapper, ensuring the loader option can be located during query compilation.

  References: #13193

• [orm] [bug] [inheritance] Fixed issue where using _orm.Load.options() to apply a chained loader option such as _orm.joinedload() or _orm.selectinload() with _orm.PropComparator.of_type() for a polymorphic relationship would not generate the necessary clauses for the polymorphic subclasses. The polymorphic loading strategy is now correctly propagated when using a call such as joinedload(A.b).options(joinedload(B.c.of_type(poly))) to match the behavior of direct chaining e.g. joinedload(A.b).joinedload(B.c.of_type(poly)).

  References: #13202

• [orm] [bug] [inheritance] Fixed issue where using chained loader options such as _orm.selectinload() after _orm.joinedload() with _orm.PropComparator.of_type() for a polymorphic relationship would not properly apply the chained loader option. The loader option is now correctly applied when using a call such as joinedload(A.b.of_type(poly)).selectinload(poly.SubClass.c) to eagerly load related objects.

  References: #13209

typing

• [typing] [bug] Fixed a typing issue where the typed members of :data:.func would return the appropriate class of the same name, however this creates an issue for

... (truncated)

Commits

• See full diff in compare view

Updates pyarrow to 24.0.0

Release notes

Sourced from pyarrow's releases.

Apache Arrow 24.0.0

Release Notes URL: https://arrow.apache.org/release/24.0.0.html

Commits

• 31b4b6c MINOR: [Release] Update versions for 24.0.0
• 06dbc17 MINOR: [Release] Update .deb/.rpm changelogs for 24.0.0
• a021d80 MINOR: [Release] Update CHANGELOG.md for 24.0.0
• 2d6b12c GH-49716: [C++] FixedShapeTensorType::Deserialize should strictly validate se...
• a74cb6a GH-49697: [C++][CI] Check IPC file body bounds are in sync with decoder outco...
• 871a0c6 GH-49676: [Python][Packaging] Fix gRPC docker image layer being too big for h...
• f9203b3 GH-49586: [C++][CI] StructToStructSubset test failure with libc++ 22.1.1 (#49...
• fe298b4 GH-49628: [Python][Interchange protocol] Suppress warnings for pandas 4.0.0 a...
• 1f94910 GH-49252: [GLib] Deprecate Feather features (#49673)
• 5ba5c3c GH-49671: [CI][Docs] Don't run jobs for push by Dependabot (#49672)
• Additional commits viewable in compare view

Updates mkdocs to 1.6.1

Release notes

Sourced from mkdocs's releases.

1.6.1

Version 1.6.1 (Friday 30th August, 2024)

Fixed

• Fix build error when environment variable SOURCE_DATE_EPOCH=0 is set. #3795
• Fix build error when mkdocs_theme.yml config is empty. #3700
• Support python -W and PYTHONWARNINGS instead of overriding the configuration. #3809
• Support running with Docker under strict mode, by removing 0.0.0.0 dev server warning. #3784
• Drop unnecessary changefreq from sitemap.xml. #3629
• Fix JavaScript console error when closing menu dropdown. #3774
• Fix JavaScript console error that occur on repeated clicks. #3730
• Fix JavaScript console error that can occur on dropdown selections. #3694

Added

• Added translations for Dutch. #3804
• Added and updated translations for Chinese (Simplified). #3684

Commits

• bb7e8b6 Version 1.6.1. (#3819)
• 0b22a52 Merge pull request #3795 from mkdocs/tomchristie-patch-1
• 695d8ed Merge pull request #3808 from razorblack/master
• 347e79f Merge pull request #3817 from gesslar/patch-1
• 200f6f9 Update configuration.md
• 05a64b4 Use utc timezones consistently
• 9204eb6 Merge pull request #3809 from pawamoy/warnings-control
• a16d60f Merge pull request #3804 from KenSentMe/master
• e72c7d0 Merge pull request #3784 from squidfunk/fix/docker-warning
• d737625 Merge pull request #3774 from squidfunk/fix/dropdown
• Additional commits viewable in compare view

Updates mkdocs-material to 9.7.6

Release notes

Sourced from mkdocs-material's releases.

mkdocs-material-9.7.6

[!WARNING]

Material for MkDocs is in maintenance mode

Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs until November 2026.

Read the full announcement on our blog

Changes

• Automatically disable MkDocs 2.0 warning for forks of MkDocs

Changelog

Sourced from mkdocs-material's changelog.

mkdocs-material-9.7.6 (2026-03-19)

• Automatically disable MkDocs 2.0 warning for forks of MkDocs

mkdocs-material-9.7.5 (2026-03-10)

• Limited version range of mkdocs to <2
• Updated MkDocs 2.0 incompatibility warning (clarify relation with MkDocs)

mkdocs-material-9.7.4 (2026-03-03)

• Hardened social cards plugin by switching to sandboxed environment
• Updated MkDocs 2.0 incompatibility warning

mkdocs-material-9.7.3 (2026-02-24)

• Fixed #8567: Print MkDocs 2.0 incompatibility warning to stderr

mkdocs-material-9.7.2 (2026-02-18)

• Opened up version ranges of optional dependencies for forward-compatibility
• Added warning to 'mkdocs build' about impending MkDocs 2.0 incompatibility

mkdocs-material-9.7.1 (2025-12-18)

• Updated requests to 2.30+ to mitigate CVE in urllib
• Fixed privacy plugin not picking up protocol-relative URLs
• Fixed #8542: false positives and negatives captured in privacy plugin

mkdocs-material-9.7.0 (2025-11-11)

⚠️ Material for MkDocs is now in maintenance mode

This is the last release of Material for MkDocs that will receive new features. Going forward, the Material for MkDocs team focuses on Zensical, a next-gen static site generator built from first principles. We will provide critical bug fixes and security updates for Material for MkDocs for 12 months at least.

Read the full announcement on our blog: https://squidfunk.github.io/mkdocs-material/blog/2025/11/05/zensical/

This release includes all features that were previously exclusive to the Insiders edition. These features are now freely available to everyone.

Note on deprecated plugins: The projects and typeset plugins are included in this release, but must be considered deprecated. Both plugins proved unsustainable to maintain and represent architectural dead ends. They are provided as-is without ongoing support.

Changes:

... (truncated)

Commits

• 6c52ed6 Prepare 9.7.6 release
• 51d9b76 Automatically disable MkDocs 2.0 warning for forks of MkDocs
• 6f9a48b Updated links
• 00b9933 Prepare 9.7.5 release
• 37683d1 Updated blog post on MkDocs 2.0
• 199e315 Updated warning message to clarify relation to MkDocs
• 1025833 Limited version range of mkdocs to <2
• 1532f52 Added update log to blog post
• d0c8b28 Updated dependencies to fix vulnerabilities
• 71d4869 Updated blog post on MkDocs 2.0
• Additional commits viewable in compare view

Updates mkdocstrings to 1.0.4

Release notes

Sourced from mkdocstrings's releases.

1.0.4

1.0.4 - 2026-04-15

Compare with 1.0.3

Bug Fixes

• Add timeout when downloading inventories (10 seconds) (3d1969a by Simon Lloyd). Issue-819

Changelog

Sourced from mkdocstrings's changelog.

1.0.4 - 2026-04-15

Compare with 1.0.3

Bug Fixes

• Add timeout when downloading inventories (10 seconds) (3d1969a by Simon Lloyd). Issue-819

1.0.3 - 2026-02-07

Compare with 1.0.2

Bug Fixes

• Forward extension instances directly passed from Zensical (65b27ec by Timothée Mazzucotelli).
• Propagate Zensical's zrelpath processor (dbf263d by Timothée Mazzucotelli).

1.0.2 - 2026-01-24

Compare with 1.0.1

Code Refactoring

• Use global instances for handlers and autorefs (9f79141 by Timothée Mazzucotelli).

1.0.1 - 2026-01-19

Compare with 1.0.0

Code Refactoring

• Support manual cross-references in Zensical too (d37d907 by Timothée Mazzucotelli).
• Support cross-references in Zensical (f43f1ee by Timothée Mazzucotelli). PR-812

1.0.0 - 2025-11-27

Compare with 0.30.1

Breaking Changes

• BaseHandler.name: Attribute value was changed: '' -> unset
• BaseHandler.domain: Attribute value was changed: '' -> unset
• BaseHandler.fallback_config: Public object was removed
• BaseHandler.__init__(args): Parameter was removed
• BaseHandler.__init__(kwargs): Parameter was removed
• BaseHandler.__init__(theme): Parameter was added as required
• BaseHandler.__init__(custom_templates): Parameter was added as required
• BaseHandler.__init__(mdx): Parameter was added as required
• BaseHandler.__init__(mdx_config): Parameter was added as required
• BaseHandler.update_env(args): Parameter was removed

... (truncated)

Commits

• a938528 chore: Prepare release 1.0.4
• 1eaa224 ci: Lint and type-check
• 80e090d Merge branch 'main' of github.com:mkdocstrings/mkdocstrings
• 5f82a58 chore: Template upgrade
• 3d1969a fix: Add timeout when downloading inventories (10 seconds)
• a0c47b9 docs: Fix broken link in README
• e500a2b chore: Update sponsors section in README
• 8bdff16 chore: Prepare release 1.0.3
• 65b27ec fix: Forward extension instances directly passed from Zensical
• 1624e2c ci: Update lint/type-checking
• Additional commits viewable in compare view

Updates mkdocs-include-markdown-plugin to 7.2.2

Release notes

Sourced from mkdocs-include-markdown-plugin's releases.

v7.2.2

Bug fixes

• Fix natural order by extension not correctly applied

Commits

• 98cf8e8 Fix natural order by extension not correctly applied (#292)
• 39df609 Optimize string concatenation across multiple files (#288)
• 39fb543 docs(license): update copyright year(s) (#287)
• 6fd647f Document that filesystem order allows reverse (#286)
• 32978ca Deduplicate common arguments in documentation (#285)
• 708a374 Add new argument order to sort inclusions (#279)
• 8b77f66 Add a security policy (#278)
• 7466d67 Escape placeholders to avoid input collisions (#277)
• 1ae8fca Cheaper placeholders (#276)
• 39fb303 Fix tests for comments global config and update JSON Schema (#275)
• Additional commits viewable in compare view

Updates mkdocs-jupyter to 0.26.3

Changelog

Sourced from mkdocs-jupyter's changelog.

mkdocs-jupyter Change Log

0.25.1

• Add option to customize Mathjax URL
• Fix issue which caused unrelated source files from being copied into the output directory
• Replace print statements with logging

0.24.3

• Fix theme selection

0.24.1

• Fix TOC header links

0.24.0

• Add option for including requireJS
• Add option for custom highlight CSS classes
• Make execute_ignore a list
• Fix various CSS issues

0.23.0

• Support nbconvert 7

0.21.0

• Support Pygments 2.1.0
• Fix some markdown CSS overflow issues

0.20.1

• Remove ipython_genutils dependency (#70) by: @​incentsarago

0.20.0

• Support for toggle themes in material
• Use poetry 1.1.X

0.19.0

• Support mkdocs-material 8

0.18.1

• Support multiple languages syntax highlighting

0.18.0

... (truncated)

Commits

• See full diff in compare view

Updates setuptools to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

• Fix the loading of launcher manifest.xml file. (#5047)
• Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

• Add advice about how to improve predictability when installing sdists. (#5168)

Misc

• #4941, #5157, #5169, #5175

v82.0.0

Deprecations and Removals

• pkg_resources has been removed from Setuptools. Most common uses of pkg_resources have been superseded by the importlib.resources <https://docs.python.org/3/library/importlib.resources.html>_ and importlib.metadata <https://docs.python.org/3/library/importlib.metadata.html>_ projects. Projects and environments relying on pkg_resources for namespace packages or other behavior should depend on older versions of setuptools. (#3085)

v81.0.0

Deprecations and Removals

• Removed support for the --dry-run parameter to setup.py. This one feature by its nature threads through lots of core and ancillary functionality, adding complexity and friction. Removal of this parameter will help decouple the compiler functionality from distutils and thus the eventual full integration of distutils. These changes do affect some class and function signatures, so any derivative functionality may require some compatibility shims to support their expected interface. Please report any issues to the Setuptools project for investigation. (#4872)

v80.10.2

Bugfixes

• Update vendored dependencies. (#5159)

Misc

... (truncated)

Commits

• 5a13876 Bump version: 82.0.0 → 82.0.1
• 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
• f9c37b2 Docs/CI: Fix intersphinx references (#5195)
• 8173db2 Docs: Fix intersphinx references
• 09bafbc Fix past tense on newsfragment
• 461ea56 Add news fragment
• c4ffe53 Avoid using (deprecated) 'json.version' in tests
• 749258b Cleanup pkg_resources dependencies and configuration (#5175)
• 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
• b809c86 Sync setuptools schema with validate-pyproject (#5157)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: python. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.