Bump the python-packages group with 6 updates #187
Merged
Bumps the python-packages group with 6 updates:

| Package | From | To |
| --- | --- | --- |
| [click](https://github.com/pallets/click) | `8.3.2` | `8.3.3` |
| [db-dtypes](https://github.com/googleapis/google-cloud-python) | `1.4.4` | `1.5.1` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.46` | `3.1.47` |
| [pandas](https://github.com/pandas-dev/pandas) | `3.0.2` | `2.3.3` |
| [prek](https://github.com/j178/prek) | `0.3.9` | `0.3.11` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.11` | `0.15.12` |

Updates `click` from 8.3.2 to 8.3.3
- [Release notes](https://github.com/pallets/click/releases)
- [Changelog](https://github.com/pallets/click/blob/main/CHANGES.rst)
- [Commits](pallets/click@8.3.2...8.3.3)

Updates `db-dtypes` from 1.4.4 to 1.5.1
- [Release notes](https://github.com/googleapis/google-cloud-python/releases)
- [Changelog](https://github.com/googleapis/google-cloud-python/blob/main/packages/gcp-sphinx-docfx-yaml/CHANGELOG.md)
- [Commits](googleapis/google-cloud-python@google-cloud-vmwareengine-v1.4.4...db-dtypes-v1.5.1)

Updates `gitpython` from 3.1.46 to 3.1.47
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.46...3.1.47)

Updates `pandas` from 3.0.2 to 2.3.3
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v3.0.2...v2.3.3)

Updates `prek` from 0.3.9 to 0.3.11
- [Release notes](https://github.com/j178/prek/releases)
- [Changelog](https://github.com/j178/prek/blob/master/CHANGELOG.md)
- [Commits](j178/prek@v0.3.9...v0.3.11)

Updates `ruff` from 0.15.11 to 0.15.12
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.11...0.15.12)

```yaml
---
updated-dependencies:
- dependency-name: click
  dependency-version: 8.3.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: db-dtypes
  dependency-version: 1.5.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-packages
- dependency-name: gitpython
  dependency-version: 3.1.47
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: pandas
  dependency-version: 2.3.3
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: python-packages
- dependency-name: prek
  dependency-version: 0.3.11
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
- dependency-name: ruff
  dependency-version: 0.15.12
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-packages
...
```

Signed-off-by: dependabot[bot] <support@github.com>
No issues found across 1 file
Architecture diagram
```mermaid
sequenceDiagram
    participant App as Application Logic
    participant CLI as Click (CLI Framework)
    participant Git as GitPython
    participant Data as Pandas / db-dtypes
    participant OS as OS / Subprocess
    Note over App, OS: Impact of Python Package Updates (Security & Execution Flow)
    rect rgb(240, 248, 255)
        Note over App, OS: CLI & Command Execution Changes
        App->>CLI: Invoke command (pager/editor)
        CLI->>CLI: CHANGED: Use shlex.split() for argv
        CLI->>OS: NEW: Popen() with shell=False
        OS-->>CLI: command result
        CLI-->>App: return
    end
    rect rgb(255, 245, 238)
        Note over App, Git: Git Operation Hardening
        App->>Git: Execute git command with kwargs
        alt Unsafe arguments detected
            Git->>Git: CHANGED: Block underscored kwargs (GHSA-rpm5-65cw-6hj4)
            Git-->>App: Security Error
        else Safe arguments
            Git->>OS: Execute git process
            OS-->>Git: result
            Git-->>App: Repo data
        end
    end
    rect rgb(245, 255, 240)
        Note over App, Data: Data Processing & Type Mapping
        App->>Data: Fetch BigQuery/SQL data
        Data->>Data: CHANGED: Map dtypes via db-dtypes 1.5.1
        Data->>Data: CHANGED: Process via Pandas 2.3.3
        Data-->>App: DataFrame
    end
    opt Development / CI Flow
        App->>App: CHANGED: Run Ruff 0.15.12 (New suppressions)
        App->>App: NEW: Prek 0.3.11 (Explicit shell hooks)
    end
```
MaxHalford added a commit that referenced this pull request May 4, 2026
Updates `click` from 8.3.2 to 8.3.3

Release notes
Sourced from click's releases.
Changelog
Sourced from click's changelog.
Commits
- `c06d2d0` Release 8.3.3
- `f1f191e` Apply format guidelines to commits since latest 8.3.2 release (#3343)
- `bb59ba0` Apply format guidelines to commits since latest 8.3.2 release
- `4a35225` Reduce blast-radius of `UNSET` in `default_map` (#3240)
- `c07bb93` Merge branch 'stable' into unset-in-default-map
- `c7e1ba8` Reorder `ParameterSource` (#3248)
- `76552ff` Show default string in prompt (#3328)
- `ac5cec5` Reorder ParameterSource from most to least explicit
- `8c452e0` Merge branch 'stable' into show-default-string-in-prompt
- `8c95c73` Reconcile default value passing and default activation (#3239)

Updates `db-dtypes` from 1.4.4 to 1.5.1

Release notes
Sourced from db-dtypes's releases.
Changelog
Sourced from db-dtypes's changelog.
... (truncated)
Commits
- `4e80530` chore: create a release (#16193)
- `ab44f7e` chore(deps): update dependency requests to v2.33.0 [security] (#16464)
- `943a979` chore(migration): Migrate code from googleapis/sphinx-docfx-yaml into package...
- `e3731d5` Merge branch 'main' into migration.gapic-generator-python.migration.2026-03-2...
- `7a05a34` chore: create a release (#16191)
- `c23b067` fix typo
- `c174901` add placeholder for system test nox session
- `0f19d85` chore: fix missing heading in changelog (#16189)
- `a16755d` chore: librarian onboard pull request: 20260323T111101Z (#16141)
- `9694ce9` chore: librarian onboard pull request: 20260323T114549Z (#16143)

Updates `gitpython` from 3.1.46 to 3.1.47

Release notes
Sourced from gitpython's releases.
Commits
- `4199cb8` bump version to 3.1.47
- `0f68db0` Merge pull request #2131 from WesR/main
- `43d92de` git.cmd: harden unsafe option canonicalization and isolate push test cases
- `9aed7cf` linter fix
- `1421958` Block unsafe underscored git kwargs / Fix for GHSA-rpm5-65cw-6hj4
- `da54523` Merge pull request #2130 from gitpython-developers/fix-multi-options
- `c9a2678` Make sure that multi-options are checked after splitting them with `shlex`
- `75e6c6b` Merge pull request #2126 from ngie-eign/fix-execute-with_stdout-no-issues
- `6fc4742` test_avoids_changing...: don't leave test artifacts behind
- `d966a0d` git.cmd.Git.execute(..): fix `with_stdout=False`

Updates `pandas` from 3.0.2 to 2.3.3

Commits
- `9c8bc3e` RLS: 2.3.3
- `6aa788a` [backport 2.3.x] DOC: prepare 2.3.3 whatsnew notes for release (#62499) (#62508)
- `b64f0df` [backport 2.3.x] BUG: avoid validation error for ufunc with string[python] ar...
- `058eb2b` [backport 2.3.x] BUG: String[pyarrow] comparison with mixed object (#62424) (...
- `2ca088d` [backport 2.3.x] DEPR: remove the Period resampling deprecation (#62480) (#62...
- `92bf98f` [backport 2.3.x] BUG: fix .str.isdigit to honor unicode superscript for older...
- `e57c7d6` Backport PR #62452 on branch 2.3.x (TST: Adjust tests for numexpr 2.13) (#62454)
- `e0fe9a0` Backport to 2.3.x: REGR: from_records not initializing subclasses properly (#...
- `23a1085` BUG: improve future warning for boolean operations with missaligned indexes (...
- `6113696` Backport PR #62396 on branch 2.3.x (PKG/DOC: indicate Python 3.14 support in ...

Updates `prek` from 0.3.9 to 0.3.11

Release notes
Sourced from prek's releases.
... (truncated)
Changelog
Sourced from prek's changelog.
... (truncated)
Commits
- `8e731a9` Bump version to 0.3.11 (#2018)
- `24302f7` Install Ruby executable in gem bin (#2017)
- `adf72c6` Update Rust crate rayon to v1.12.0 (#2015)
- `95b8874` Update Rust crate webpki-root-certs to v1.0.7 (#2014)
- `2692d83` Update Rust crate libc to v0.2.185 (#2013)
- `1477025` Update Rust crate tokio to v1.52.1 (#2016)
- `efaf804` Update Rust crate clap_complete to v4.6.2 (#2012)
- `12033f7` Update Rust crate clap to v4.6.1 (#2011)
- `96ebb94` Update Rust crate assert_cmd to v2.2.1 (#2010)
- `55da2dc` Update GitHub Actions (#2008)

Updates `ruff` from 0.15.11 to 0.15.12

Release notes
Sourced from ruff's releases.
... (truncated)
Changelog
Sourced from ruff's changelog.
Commits
- `66f93cf` Bump 0.15.12 (#24815)
- `476a4d0` [ty] Complete support for more detailed diagnostics on possibly unbound error...
- `ed669ea` Implement `#ruff:file-ignore` file-level suppressions (#23599)
- `e73d952` [ty] Include inferred type in `invalid-key` concise diagnostic for union/inte...
- `80feb29` [ty] report only dead annotation-only locals as unused (#24811)
- `0fbf2bc` Drop deprecated license classifier (#24808)
- `43b174c` [ty] Infer lambda parameter types with `Callable` type context (#24317)
- `4f449ae` [ty] Add error context for intersection types (#24772)
- `5b4e753` [ty] Add support for goto in literal enum member inlay hint (#24792)
- `e7cc762` [ty] Add error context for TypedDict assignments (#24790)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions

Summary by cubic
Refresh Python dependencies to pick up bug fixes and security hardening. Lockfile-only update; no app code changes.
Dependencies
- `click` 8.3.2→8.3.3; `db-dtypes` 1.4.4→1.5.1; `gitpython` 3.1.46→3.1.47; `pandas` 3.0.2→2.3.3 (+pytz); `prek` 0.3.9→0.3.11; `ruff` 0.15.11→0.15.12.
- `gitpython` includes security fixes; `click` improves subprocess safety.

Migration
- `uv sync` to update your env.
- `pandas` is used (data parsing, time zones).

Written for commit 8512615. Summary will update on new commits.