Skip to content

build(requirements): bump the prod group across 1 directory with 5 updates#9

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/prod-37233baa7f
Closed

build(requirements): bump the prod group across 1 directory with 5 updates#9
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/prod-37233baa7f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Apr 27, 2026

Copy link
Copy Markdown
Contributor

Bumps the prod group with 5 updates in the / directory:

Package From To
scikit-learn 1.6.1 1.7.2
xgboost 3.0.0 3.2.0
catboost 1.2.8 1.2.10
numpy 1.23.5 2.2.6
pandas 1.5.3 2.3.3

Updates scikit-learn from 1.6.1 to 1.7.2

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.7.2

We're happy to announce the 1.7.2 release.

This release contains a few bug fixes and is the first version supporting Python 3.14.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.7.html#version-1-7-2

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Thanks to everyone who contributed to this release !

Scikit-learn 1.7.1

We're happy to announce the 1.7.1 release.

This release contains fixes for a few regressions introduced in 1.7.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.7.html#version-1-7-1

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Thanks to everyone who contributed to this release !

Scikit-learn 1.7.0

We're happy to announce the 1.7.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_7_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.7.html

This version supports Python versions 3.10 to 3.13 and features an experimental support of free-threaded CPython.

You can upgrade with pip as usual:

... (truncated)

Commits

Updates xgboost from 3.0.0 to 3.2.0

Release notes

Sourced from xgboost's releases.

Release 3.2.0 stable

Release note

https://xgboost.readthedocs.io/en/latest/changes/v3.2.0.html

Additional artifacts

You can verify the downloaded packages by running the following command on your Unix shell:

echo "<hash> <artifact>" | shasum -a 256 --check
16a31dfbc0c54544c9c36ab5f696fa7b646c125f161c52c814d757a58241a404  xgboost-src-3.2.0.tar.gz
41ce6798ed032380d4efed08cb1e4fadb87a5eba401b530fefcb90f1deb367d0  xgboost_r_gpu_linux.tar.gz

Experimental binary packages for R with CUDA enabled

  • xgboost_r_gpu_linux_3.2.0.tar.gz: Download

Source tarball

3.1.3 Patch Release

What's Changed

  • Scikit-learn 1.8 compatibility fix (#11858)
  • Add ARM CUDA wheels for PyPI. (#11827) Add nccl as dep for aarch64. (#11753)
  • [R] Fix off-by-one bug: nrounds=0 resulted in 2 iterations #11856
  • [R] Fix mingw warnings, winbuilder check warnings, memory safety issues. (#11859, #11847, #11830, #11906)
  • Avoid overflow in rounding estimation. (#11910)
  • Workaround compiler issue on Windows, affects the use of max_delta_step with CUDA. (#11916)

Full Changelog: dmlc/xgboost@v3.1.2...v3.1.3

Additional artifacts:

You can verify the downloaded packages by running the following command on your Unix shell:

echo "<hash> <artifact>" | shasum -a 256 --check
67800a7c1c0455c22c9be73dbf3c39bfd9ac9627b2cb617eb2795fd675a9d49e  xgboost-src-3.1.3.tar.gz
f3586dc2da415bba7c3a632b290d653b74eea0caf2ea9e8ffb488cacb57a1dcf  xgboost_r_gpu_linux.tar.gz

Experimental binary packages for R with CUDA enabled

  • xgboost_r_gpu_linux_3.1.3.tar.gz: Download

... (truncated)

Commits

Updates catboost from 1.2.8 to 1.2.10

Release notes

Sourced from catboost's releases.

1.2.10

New features

1.2.9

⚠️ There are no JVM artifacts for this release due to issues with publishing.: They are available in the next release 1.2.10.

Major changes

  • [Python-package] Add polars input data support. #2524.

    Polars data structures are supported for features, labels and auxiliary data like weight, timestamp etc.

New features

Improvements

  • Remove the limit of 128 threads when loading data. #3027

Speedups

  • Optimize Lossguide grow policy on CPU #2883. Approximate speedup is 1.4x. Thanks to @​Levachev.
  • [Python-package] Support non-float32 numpy numeric types in multithreaded native features data initialization. #1558, #2847
  • [Python-package] Avoid possible repeated reparsing of estimator parameters to canonical forms

Python package

  • Support Python 3.14 #2943
  • pyproject.toml is now PEP-517 compliant.
  • Estimators: Add __sklearn_tags__ method to be compatible with scikit-learn >= 1.8.x. #2955
  • Estimators: Add __repr__ method with a meaningful description expected by scikit-learn #2307. Thanks to @​besteady.
  • Adapt to the removal of dry_run parameters in setuptools 81.0. pypa/setuptools#4872
  • Set upper version bounds for important dependencies to avoid breaking changes

Rust package

Build & testing

Bugfixes

  • [Performance][Windows] __SSE__ compiler flag was not enabled for Windows builds with MSVC compiler. This affected code that relied on this flag including some operations used during training and quantization during model inference. It is important to note that the compiler itself was configured for SSE support and could still apply automatic SSE optimizations.
  • [Python-package] carry.py: fix _uplift_by_name. #2861

... (truncated)

Changelog

Sourced from catboost's changelog.

Release 1.2.10

New features

Release 1.2.9

⚠️ There are no JVM artifacts for this release due to issues with publishing.: They will be updated in the next release soon.

Major changes

  • [Python-package] Add polars input data support. #2524.

    Polars data structures are supported for features, labels and auxiliary data like weight, timestamp etc.

New features

Improvements

  • Remove the limit of 128 threads when loading data. #3027

Speedups

  • Optimize Lossguide grow policy on CPU #2883. Approximate speedup is 1.4x. Thanks to @​Levachev.
  • [Python-package] Support non-float32 numpy numeric types in multithreaded native features data initialization. #1558, #2847
  • [Python-package] Avoid possible repeated reparsing of estimator parameters to canonical forms

Python package

  • Support Python 3.14 #2943
  • pyproject.toml is now PEP-517 compliant.
  • Estimators: Add __sklearn_tags__ method to be compatible with scikit-learn >= 1.8.x. #2955
  • Estimators: Add __repr__ method with a meaningful description expected by scikit-learn #2307. Thanks to @​besteady.
  • Adapt to the removal of dry_run parameters in setuptools 81.0. pypa/setuptools#4872
  • Set upper version bounds for important dependencies to avoid breaking changes

Rust package

Build & testing

Bugfixes

... (truncated)

Commits
  • b1bd2a6 CatBoost release 1.2.10.
  • 05343ed Make Maven Central auto release configurable.
  • b67bd3f Switch from OSSRH to Cental Publisher Portal.
  • b702755 Cannot publish JVM artifacts for release 1.2.9
  • b1c8d30 Allow to re-run PyPI uploads with 'skip-existing'.
  • 60af472 Add 'verbose' flag to PyPI publishing.
  • cf43a17 Add -fsized-deallocation into cmake lists
  • 7dfa8d5 YQL-20095: Ignore modernize-avoid-c-arrays
  • e7d262e CatBoost Release 1.2.9
  • 9612731 Update contrib/libs/expat to 2.7.4
  • Additional commits viewable in compare view

Updates numpy from 1.23.5 to 2.2.6

Release notes

Sourced from numpy's releases.

v2.2.6 (May 17, 2025)

NumPy 2.2.6 Release Notes

NumPy 2.2.6 is a patch release that fixes bugs found after the 2.2.5 release. It is a mix of typing fixes/improvements as well as the normal bug fixes and some CI maintenance.

This release supports Python versions 3.10-3.13.

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Charles Harris
  • Ilhan Polat
  • Joren Hammudoglu
  • Marco Gorelli +
  • Matti Picus
  • Nathan Goldbaum
  • Peter Hawkins
  • Sayed Adel

Pull requests merged

A total of 11 pull requests were merged for this release.

  • #28778: MAINT: Prepare 2.2.x for further development
  • #28851: BLD: Update vendor-meson to fix module_feature conflicts arguments...
  • #28852: BUG: fix heap buffer overflow in np.strings.find
  • #28853: TYP: fix NDArray[floating] + float return type
  • #28864: BUG: fix stringdtype singleton thread safety
  • #28865: MAINT: use OpenBLAS 0.3.29
  • #28889: MAINT: from_dlpack thread safety fixes
  • #28913: TYP: Fix non-existent CanIndex annotation in ndarray.setfield
  • #28915: MAINT: Avoid dereferencing/strict aliasing warnings
  • #28916: BUG: Fix missing check for PyErr_Occurred() in _pyarray_correlate.
  • #28966: TYP: reject complex scalar types in ndarray.__ifloordiv__

Checksums

MD5

259343f056061f6eadb2f4b8999d06d4  numpy-2.2.6-cp310-cp310-macosx_10_9_x86_64.whl
16fa85488e149489ce7ee044d7b0d307  numpy-2.2.6-cp310-cp310-macosx_11_0_arm64.whl
f01b7aea9d2b76b1eeb49766e615d689  numpy-2.2.6-cp310-cp310-macosx_14_0_arm64.whl
f2ddc2b22517f6e31caa1372b12c2499  numpy-2.2.6-cp310-cp310-macosx_14_0_x86_64.whl
52190e22869884f0870eb3df7a283ca9  numpy-2.2.6-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
8f382b9ca6770db600edd5ea2447a925  numpy-2.2.6-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
e604aae2ef6e01fb92ecc39aca0424d9  numpy-2.2.6-cp310-cp310-musllinux_1_2_aarch64.whl

... (truncated)

Commits
  • 2b686f6 Merge pull request #28980 from charris/prepare-2.2.6
  • ed41828 REL: Prepare for the NumPy 2.2.6 release [wheel build]
  • 83e4e7f Merge pull request #28966 from charris/backport-28958
  • 248f0cb TYP: add rejection-tests for complex ndarray floordiv
  • 5bad9da TYP: reject complex scalar types in ndarray.__ifloordiv__
  • 6c42775 Merge pull request #28915 from charris/backport-28892
  • 4277e7c Merge pull request #28916 from charris/backport-28898
  • bd1c863 BUG: Fix missing check for PyErr_Occurred() in _pyarray_correlate. (#28898)
  • 87d1d8a MAINT: Avoid dereferencing/strict aliasing warnings during complex casts in `...
  • 9e50659 Merge pull request #28913 from charris/backport-28908
  • Additional commits viewable in compare view

Updates pandas from 1.5.3 to 2.3.3

Release notes

Sourced from pandas's releases.

Pandas 2.3.3

We are pleased to announce the release of pandas 2.3.3. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.3 supports Python 3.9 and higher, and is the first release to support Python 3.14.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Pandas 2.3.2

We are pleased to announce the release of pandas 2.3.2. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.2 supports Python 3.9 and higher.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Pandas 2.3.1

We are pleased to announce the release of pandas 2.3.1. This release includes some improvements and fixes to the future string data type (preview feature for the upcoming pandas 3.0). We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes. Pandas 2.3.1 supports Python 3.9 and higher.

The release will be available on the conda-forge channel:

conda install pandas --channel conda-forge

Or via PyPI:

... (truncated)

Commits
  • 9c8bc3e RLS: 2.3.3
  • 6aa788a [backport 2.3.x] DOC: prepare 2.3.3 whatsnew notes for release (#62499) (#62508)
  • b64f0df [backport 2.3.x] BUG: avoid validation error for ufunc with string[python] ar...
  • 058eb2b [backport 2.3.x] BUG: String[pyarrow] comparison with mixed object (#62424) (...
  • 2ca088d [backport 2.3.x] DEPR: remove the Period resampling deprecation (#62480) (#62...
  • 92bf98f [backport 2.3.x] BUG: fix .str.isdigit to honor unicode superscript for older...
  • e57c7d6 Backport PR #62452 on branch 2.3.x (TST: Adjust tests for numexpr 2.13) (#62454)
  • e0fe9a0 Backport to 2.3.x: REGR: from_records not initializing subclasses properly (#...
  • 23a1085 BUG: improve future warning for boolean operations with missaligned indexes (...
  • 6113696 Backport PR #62396 on branch 2.3.x (PKG/DOC: indicate Python 3.14 support in ...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

📚 Documentation preview 📚: https://RDAgent--9.org.readthedocs.build/en/9/

…dates

Bumps the prod group with 5 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.6.1` | `1.7.2` |
| [xgboost](https://github.com/dmlc/xgboost) | `3.0.0` | `3.2.0` |
| [catboost](https://github.com/catboost/catboost) | `1.2.8` | `1.2.10` |
| [numpy](https://github.com/numpy/numpy) | `1.23.5` | `2.2.6` |
| [pandas](https://github.com/pandas-dev/pandas) | `1.5.3` | `2.3.3` |



Updates `scikit-learn` from 1.6.1 to 1.7.2
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.6.1...1.7.2)

Updates `xgboost` from 3.0.0 to 3.2.0
- [Release notes](https://github.com/dmlc/xgboost/releases)
- [Changelog](https://github.com/dmlc/xgboost/blob/master/NEWS.md)
- [Commits](dmlc/xgboost@v3.0.0...v3.2.0)

Updates `catboost` from 1.2.8 to 1.2.10
- [Release notes](https://github.com/catboost/catboost/releases)
- [Changelog](https://github.com/catboost/catboost/blob/master/RELEASE.md)
- [Commits](catboost/catboost@v1.2.8...v1.2.10)

Updates `numpy` from 1.23.5 to 2.2.6
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v1.23.5...v2.2.6)

Updates `pandas` from 1.5.3 to 2.3.3
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v1.5.3...v2.3.3)

---
updated-dependencies:
- dependency-name: scikit-learn
  dependency-version: 1.7.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: xgboost
  dependency-version: 3.2.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: prod
- dependency-name: catboost
  dependency-version: 1.2.10
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: prod
- dependency-name: numpy
  dependency-version: 2.2.6
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod
- dependency-name: pandas
  dependency-version: 2.3.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: prod
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 27, 2026
@dependabot @github

dependabot Bot commented on behalf of github May 11, 2026

Copy link
Copy Markdown
Contributor Author

Looks like these dependencies are updatable in another way, so this is no longer needed.

@dependabot dependabot Bot closed this May 11, 2026
@dependabot dependabot Bot deleted the dependabot/pip/prod-37233baa7f branch May 11, 2026 02:29
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants