build(deps): bump the python-dependencies group across 1 directory with 14 updates

[dependabot]

Updates the requirements on pandas, numpy, pyarrow, matplotlib, requests, pytest, pytest-cov, pyright, ruff, pre-commit, commitizen, pandas-stubs, types-requests and hatchling to permit the latest version.
Updates pandas from 3.0.1 to 3.0.3

Release notes

Sourced from pandas's releases.

pandas 3.0.3

We are pleased to announce the release of pandas 3.0.3. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.2

We are pleased to announce the release of pandas 3.0.2. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

• 72f2fea RLS: 3.0.3 (#65590)
• 2897590 Backport PR #65436 on branch 3.0.x (Account for privatization of matplotlib `...
• 49894b5 Backport PR #65499 on branch 3.0.x (BUG: fix check if pyarrow is installed in...
• 1c6d1e3 [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...
• 2a54711 Backport PR #64379 on branch 3.0.x (PERF: improve performance with ZoneInfo t...
• 036bb7c Backport PR #65482 on branch 3.0.x (PERF: don't call unique on dtypes for che...
• bf4c182 Backport PR #65410 on branch 3.0.x (TST: also convert str index to object in ...
• dd02d75 [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (#6547...
• aef3d0f [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...
• bb8e248 Backport PR #65399 on branch 3.0.x (DOC: fix source link for classes in the r...
• Additional commits viewable in compare view

Updates numpy from 2.4.3 to 2.4.6

Release notes

Sourced from numpy's releases.

v2.4.6 (May 18, 2026)

NumPy 2.4.6 Release Notes

NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5 release.

This release supports Python versions 3.11-3.14

Contributors

A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• !EarlMilktea
• Charles Harris
• Sebastian Berg
• Warren Weckesser

Pull requests merged

A total of 4 pull requests were merged for this release.

• #31444: MAINT: Prepare 2.4.x for further development
• #31453: BUG: Fix regression in arr.conj()
• #31459: BUG: np.linalg.svd(..., hermitian=True) returns non-unitary...
• #31460: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...

v2.4.5 (May 15, 2026)

NumPy 2.4.5 Release Notes

NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4 release, has some typing improvements, and maintains infrastructure.

This release supports Python versions 3.11-3.14

Contributors

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Aleksei Nikiforov
• Anarion Zuo +
• Ankit Ahlawat
• Breno Favaretto +
• Charles Harris
• Igor Krivenko +
• Ijtihed Kilani +
• Joren Hammudoglu
• Maarten Baert +

... (truncated)

Commits

• b832a09 Merge pull request #31462 from charris/prepare-2.4.6
• 57cc147 REL: Prepare for the NumPy 2.4.6 release
• 0c72b0b Merge pull request #31459 from charris/backport-31347
• 9778d26 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
• e0e3876 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
• d1bffeb BUG: np.linalg.svd(..., hermitian=True) returns non-unitary vh (#31347)
• 8d8d7e5 Merge pull request #31453 from seberg/issue-31452
• bddaab7 BUG: Fix regression in arr.conj()
• 37a1ecc Merge pull request #31444 from charris/begin-2.4.6
• 3c0e043 MAINT: Prepare 2.4.x for further development
• Additional commits viewable in compare view

Updates pyarrow from 23.0.1 to 24.0.0

Release notes

Sourced from pyarrow's releases.

Apache Arrow 24.0.0

Release Notes URL: https://arrow.apache.org/release/24.0.0.html

Apache Arrow 24.0.0 RC0

Release Notes: Release Candidate: 24.0.0 RC0

Commits

• 31b4b6c MINOR: [Release] Update versions for 24.0.0
• 06dbc17 MINOR: [Release] Update .deb/.rpm changelogs for 24.0.0
• a021d80 MINOR: [Release] Update CHANGELOG.md for 24.0.0
• 2d6b12c GH-49716: [C++] FixedShapeTensorType::Deserialize should strictly validate se...
• a74cb6a GH-49697: [C++][CI] Check IPC file body bounds are in sync with decoder outco...
• 871a0c6 GH-49676: [Python][Packaging] Fix gRPC docker image layer being too big for h...
• f9203b3 GH-49586: [C++][CI] StructToStructSubset test failure with libc++ 22.1.1 (#49...
• fe298b4 GH-49628: [Python][Interchange protocol] Suppress warnings for pandas 4.0.0 a...
• 1f94910 GH-49252: [GLib] Deprecate Feather features (#49673)
• 5ba5c3c GH-49671: [CI][Docs] Don't run jobs for push by Dependabot (#49672)
• Additional commits viewable in compare view

Updates matplotlib from 3.10.8 to 3.11.0

Release notes

Sourced from matplotlib's releases.

REL: v3.11.0

The largest change within this release is a complete overhaul of text and font processing. Through the use of libraqm, HarfBuzz, SheenBidi, and an updated release of FreeType, all text should now support modern font features, enabling full internationalization in all languages. Not all features of these libraries are supported yet, but we expect this work to enable further improvements in an easier manner.

Outside of text handling, there are several improvements to 3D Axes, performance, new accessible colour sequences, flexible figure management, and more. See the release notes for more information.

REL: v3.11.0rc2

This is the second release candidate for the meso release 3.11.0.

This release candidate fixes some problems with downstream packages, removes some missed deprecations, and corrects some additional minor bugs.

REL: v3.11.0rc1

After an extended development stretch, we are pleased to announce the first release candidate of Matplotlib 3.11.0.

The largest change within this release is a complete overhaul of text and font processing. Through the use of libraqm, HarfBuzz, SheenBidi, and an updated release of FreeType, all text should now support modern font features, enabling full internationalization in all languages. Not all features of these libraries are supported yet, but we expect this work to enable further improvements in an easier manner. Due to the update to the font rendering stack, we cannot guarantee that text will be bit-for-bit perfect with previous releases, so if you are using Matplotlib for testing, it may be necessary to introduce/raise a tolerance within your tests.

Outside of text handling, there are several improvements to 3D Axes, performance, new accessible colour sequences, flexible figure management, and more. Final release notes are still being curated, but you may browse the list of new features, API changes, and all issues/pull requests on the milestone.

As a note for downstream packagers, the font libraries have only been tested against the versions bundled with the wheels. It may be possible to expand the range of requirements, or that a requirement is too broad. Please report any issues you have building against external dependencies.

v3.10.9

This is a micro release of the v3.10.x series. Highlights of this release include:

• Various minor bug and doc fixes
• Security hardening validation of cyclers - Removing eval usage
• Security hardening in Latex and PS calls - Removing shell escapes

Commits

• 69c7534 REL: v3.11.0
• b7d912b DOC: Set 3.11 as preferred stable release
• 7c3d502 Update Security Policy for 3.11
• 964e73d DOC: Prepare GitHub stats for 3.11 final
• bfa2633 Bump font manager version to final release
• d0603b2 Merge pull request #31873 from meeseeksmachine/auto-backport-of-pr-31706-on-v...
• edf5ebc Backport PR #31706: Fix clabel manual index
• c0e80b7 Merge pull request #31872 from meeseeksmachine/auto-backport-of-pr-31868-on-v...
• 2a14854 Backport PR #31868: DOC: Move errorbar examples to the statistics sections
• ea43d96 Merge pull request #31871 from meeseeksmachine/auto-backport-of-pr-31870-on-v...
• Additional commits viewable in compare view

Updates requests from 2.33.0 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

• @​k223kim made their first contribution in psf/requests#7433

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

... (truncated)

Commits

• 6e83187 v2.34.2
• 84d10f0 Move Request.headers back to Mapping (#7441)
• b7b549b v2.34.1
• e511bc7 Fix mutability issues with headers input types (#7431)
• 5691f59 Update JsonType containers to read-based collections (#7436)
• 2144213 Constrain Response.reason to str (#7437)
• 6404f34 Fix prepare_body stream detection for __getattr__-based file wrappers (#7...
• 0b401c7 v2.34.0
• 86b378d Align Session.get parameters with requests.get (#7429)
• a4f9a59 Port bpo-39057 to Requests (#7427)
• Additional commits viewable in compare view

Updates pytest from 9.0.3 to 9.1.0

Release notes

Sourced from pytest's releases.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

• #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

  If this is undesirable, move the fixture definition to a conftest.py file if possible.

  Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

• #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

  See 10819 and 14011.

• #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

  See dynamic-fixture-request-during-teardown for details.

• #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

  These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

  See parametrize-iterators for details and suggestions.

• #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

  See config-inicfg for more details.

• #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

  Use the node parameter instead for fixture scoping. This enables more robust node-based matching instead of string prefix matching. If you've used nodeid=None, pass node=session instead.

  This will be removed in pytest 10.

• #14335: The method of configuring hooks using markers, deprecated since pytest 7.2, is now scheduled to be removed in pytest 10. See hook-markers for more details.

• #14434: The --pastebin option is now deprecated.

... (truncated)

Commits

• b2522cf Prepare release version 9.1.0
• 368d2fc [refactor] Tighten SetComparisonFunction to Iterator[str] (#14587)
• ff77cd8 [refactor] Make base assertion comparisons return an iterator instead of a li...
• 0d8491a build(deps): Bump actions/stale from 10.2.0 to 10.3.0
• 4a809d9 Merge pull request #14568 from pytest-dev/register-fixture
• 5dfa385 Fix recursion traceback test to cover all styles (#14582)
• f52ff0c Add pytest.register_fixture
• a8ac094 Merge pull request #14567 from pytest-dev/more-visibility-deprecate
• e5620cd [pre-commit.ci] pre-commit autoupdate (#14577)
• 2ce9c6d Merge pull request #14540 from minbang930/fix-14533-doctest-module-fixtures
• Additional commits viewable in compare view

Updates pytest-cov from 7.0.0 to 7.1.0

Changelog

Sourced from pytest-cov's changelog.

7.1.0 (2026-03-21)

• Fixed total coverage computation to always be consistent, regardless of reporting settings. Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on reporting options. See [#641](https://github.com/pytest-dev/pytest-cov/issues/641) <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0). It checks if there is already existing plugin for this message by comparing filter regular expression. When filter is specified on command line the message is escaped and does not match an expected message. A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation. Contributed by Art Pelling in [#718](https://github.com/pytest-dev/pytest-cov/issues/718) <https://github.com/pytest-dev/pytest-cov/pull/718>_ and "vivodi" in [#738](https://github.com/pytest-dev/pytest-cov/issues/738) <https://github.com/pytest-dev/pytest-cov/pull/738>. Also closed [#736](https://github.com/pytest-dev/pytest-cov/issues/736) <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests. Contributed by in Markéta Machová in [#722](https://github.com/pytest-dev/pytest-cov/issues/722) <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

Commits

• 66c8a52 Bump version: 7.0.0 → 7.1.0
• f707662 Make the examples use pypy 3.11.
• 6049a78 Make context test use the old ctracer (seems the new sysmon tracer behaves di...
• 8ebf20b Update changelog.
• 861d30e Remove the backup context manager - shouldn't be needed since coverage 5.0, ...
• fd4c956 Pass the precision on the nulled total (seems that there's some caching goion...
• 78c9c4e Only run the 3.9 on older deps.
• 4849a92 Punctuation.
• 197c35e Update changelog and hopefully I don't forget to publish release again :))
• 14dc1c9 Update examples to use 3.11 and make the adhoc layout example look a bit more...
• Additional commits viewable in compare view

Updates pyright from 1.1.408 to 1.1.410

Commits

• 509391a Pyright NPM Package update to 1.1.410 (#361)
• d7508e5 [pyright updated to 1.1.409] Update Version (#359)
• See full diff in compare view

Updates ruff from 0.15.6 to 0.15.17

Release notes

Sourced from ruff's releases.

0.15.17

Release Notes

Released on 2026-06-11.

Preview features

• Allow human-readable names in suppression comments (#25614)
• Fix handling of ignore comments within a disable/enable pair (#25845)
• Prioritize human-readable names in CLI output (#25869)
• Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
• [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
• [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
• [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
• [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

• Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
• [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

• [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
• [numpy] Drop autofix for np.in1d (NPY201) (#25612)
• [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

• Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

• Preserve whitespace for Quarto cell option comments (#25641)

CLI

• Allow rule names in ruff rule (#25640)

Other changes

• Fix playground diagnostics scrollbars (#25642)

Contributors

• @​SuryanshSS1011
• @​anishgirianish
• @​romero-deshaw
• @​karlhillx
• @​carljm

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.17

Released on 2026-06-11.

Preview features

• Allow human-readable names in suppression comments (#25614)
• Fix handling of ignore comments within a disable/enable pair (#25845)
• Prioritize human-readable names in CLI output (#25869)
• Respect diagnostic start and parent ranges and trailing comments in ruff:ignore suppressions (#25673)
• [flake8-async] Add trio.as_safe_channel to safe decorators (ASYNC119) (#25775)
• [flake8-pytest-style] Also check pytest_asyncio fixtures (#25375)
• [ruff] Ban pytest autouse fixtures (RUF076) (#25477)
• [pyupgrade] Add from __future__ import annotations automatically (UP007, UP045) (#23259)

Bug fixes

• Fix diagnostic when ruff:enable or ruff:disable appears where ruff:ignore is expected (#25700)
• [pyupgrade] Preserve leading empty literals to avoid syntax errors (UP032) (#25491)

Rule changes

• [flake8-pytest-style] Clarify diagnostic message for single parameters (PT007) (#25592)
• [numpy] Drop autofix for np.in1d (NPY201) (#25612)
• [pylint] Exempt Python version comparisons (PLR2004) (#25743)

Performance

• Reserve AST Vecs with correct capacity for common cases (#25451)

Formatter

• Preserve whitespace for Quarto cell option comments (#25641)

CLI

• Allow rule names in ruff rule (#25640)

Other changes

• Fix playground diagnostics scrollbars (#25642)

Contributors

• @​SuryanshSS1011
• @​anishgirianish
• @​romero-deshaw
• @​karlhillx
• @​carljm
• @​ntBre

... (truncated)

Commits

• 7c645a9 Bump 0.15.17 (#25872)
• f381eb1 Prioritize human-readable names in CLI output (#25869)
• b9b4546 Minor workflow simplification (#25870)
• 1e77ba0 [ty] Move PreformattedBlockScanner to format-agnostic location. (#25856)
• 6f2b772 [ty] Preserve nominal type of enum.property instances (#25849)
• be4777c [ty] Fix site-package error when multiple versions of pythons are installed i...
• 53f6ff7 Allow human-readable names in suppression comments (#25614)
• 6740325 [ty] Restrict uncached raw signature access (#25866)
• 970b1bf Auto-update snapshots when syncing typeshed (#25841)
• 0785793 Fix handling of ignore comments within a disable/enable pair (#25845)
• Additional commits viewable in compare view

Updates pre-commit from 4.5.1 to 4.6.0

Release notes

Sourced from pre-commit's releases.

pre-commit v4.6.0

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

Changelog

Sourced from pre-commit's changelog.

4.6.0 - 2026-04-21

Features

• pre-commit hook-impl: allow --hook-dir to be missing to enable easier usage with git 2.54+ git hooks.
  • #3662 PR by @​asottile.

Fixes

• pre-commit hook-impl: --hook-type is required.
  • #3661 PR by @​asottile.

Commits

• f35134b v4.6.0
• 2a51ffc Merge pull request #3662 from pre-commit/hook-impl-optional-hook-dir
• d7dee32 make --hook-dir optional for hook-impl
• 965aeb1 Merge pull request #3661 from pre-commit/hook-impl-required
• 2eacc06 --hook-type is required for hook-impl
• f5678bf Merge pull request #3657 from pre-commit/pre-commit-ci-update-config
• 054cc5b [pre-commit.ci] pre-commit autoupdate
• 5c0f302 Merge pull request #3652 from pre-commit/pre-commit-ci-update-config
• a5d9114 [pre-commit.ci] pre-commit autoupdate
• 129a1f5 Merge pull request #3641 from pre-commit/mxr-patch-1
• Additional commits viewable in compare view

Updates commitizen from 4.13.10 to 4.16.3

Release notes

Sourced from commitizen's releases.

v4.16.3 (2026-05-30)

Fix

• check: expand env vars in --rev-range (#2005)

v4.16.2 (2026-05-15)

Fix

• tags: widen prerelease and devrelease tag regexes for SemVer2 (#1972)

v4.16.1 (2026-05-15)

Fix

• cz_customize: derive bump_map_major_version_zero from bump_map (#1977)

v4.16.0 (2026-05-12)

Feat

• hooks: support interactive hooks scripts

v4.15.1 (2026-05-06)

Fix

• security: prevent command injection via shell=True (CWE-78) (#1941)

v4.15.0 (2026-05-03)

Feat

• version: add MANUAL_VERSION, --next and --patch to version command (#1724)

v4.14.0 (2026-05-03)

Feat

• add --allow-no-commit to changelog command (#1868)

Commits

• 286da54 bump: version 4.16.2 → 4.16.3
• 8f5b496 fix(check): expand env vars in --rev-range (#2005)
• df8f6a0 docs(cli/screenshots): update CLI screenshots
• 2b4707c test: normalize argparse choice snapshots (#2000)
• c806e26 docs(cli/screenshots): update CLI screenshots
• effd5dd ci(deps): bump uv from 0.11.6 to 0.11.15 (#2004)
• a523e55 docs(cli/screenshots): update CLI screenshots
• 93b74c9 ci(deps): bump pymdown-extensions from 10.21.2 to 10.21.3 (#1995)
• 98f1777 docs(cli/screenshots): update CLI screenshots
• c3f6797 ci(deps): bump peter-evans/create-or-update-comment from 4 to 5 (#1998)
• Additional commits viewable in compare view

Updates pandas-stubs from 3.0.0.260204 to 3.0.3.260530

Commits

• 1a40eec Version 3.0.3.260530
• 0f063ec Make mypy reject float(Series) calls (#1753)
• a073669 GH1415 Enhance typing of Series[Categorical] (#1748)
• 9df3c52 TYP: GH1727 Narrow Series.to_numpy return types based on the dtype argument (...
• 2da5f78 GH1742 fix nightly CI (#1747)
• 84e7d1a BUG: allow kwargs in Styler apply_index and map_index (#1725)
• 82c9851 GH1654 Pandas 3.0 support (#1741)
• 4f6f533 MNT: Fix missing check/assert_type harness where missing (#1749)
• 3bbd508 chore(ci): declare contents: read on test (#1751)
• ee82af5 Modernize project settings in pyproject.toml (#1746)
• Additional commits viewable in compare view

Updates types-requests from 2.32.4.20260107 to 2.33.0.20260518

Commits

• See full diff in compare view

Updates hatchling to 1.30.1

Release notes

Sourced from hatchling's releases.

Hatchling v1.30.1

Fixed

• Default core metadata version kept at 2.4 until more tools support 2.5

Commits

• 37b00c3 release Hatchling v1.30.1 (#2298)
• 0446d99 Update history for new patch release of hatchling after fixing default metada...
• 4f5cdf0 Make 2.4 metadata default until other tools support it. (#2296)
• 0497be0 Fix draft release uploads. (#2293)
• 3aae0fa Fix hatchling to use Metadata 2.4 (#2291)
• 5ee4189 release Hatch v1.17.0 (#2290)
• 6109ee7 release Hatchling v1.30.0 (#2289)
• 246e22b Block duplicate files in wheel archives (closes #2066) (

[github-code-quality]

Code Coverage Overview

Languages: Python

Python / code-coverage/pytest

The overall coverage remains at 89%, unchanged from the main branch.

---

_{Updated June 18, 2026 11:51 UTC
Code Coverage is in Public Preview. Learn more and provide us with your feedback.}

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud