Skip to content

chore(deps): bump the python-minor-patch group across 1 directory with 7 updates#15

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-minor-patch-69447a502e
Closed

chore(deps): bump the python-minor-patch group across 1 directory with 7 updates#15
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-minor-patch-69447a502e

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 29, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-minor-patch group with 7 updates in the / directory:

Package From To
pytest 9.1.0 9.1.1
ruff 0.15.17 0.15.20
pandas 3.0.3 3.0.4
torch 2.12.0 2.12.1
ccxt 4.5.58 4.5.62
yfinance 1.4.1 1.5.1
redis 8.0.0 8.0.1

Updates pytest from 9.1.0 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.
Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates ruff from 0.15.17 to 0.15.20

Release notes

Sourced from ruff's releases.

0.15.20

Release Notes

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

Install ruff 0.15.20

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.20/ruff-installer.ps1 | iex"

Download ruff 0.15.20

File Platform Checksum
ruff-aarch64-apple-darwin.tar.gz Apple Silicon macOS checksum
ruff-x86_64-apple-darwin.tar.gz Intel macOS checksum
ruff-aarch64-pc-windows-msvc.zip ARM64 Windows checksum
ruff-i686-pc-windows-msvc.zip x86 Windows checksum
ruff-x86_64-pc-windows-msvc.zip x64 Windows checksum
ruff-aarch64-unknown-linux-gnu.tar.gz ARM64 Linux checksum
ruff-i686-unknown-linux-gnu.tar.gz x86 Linux checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.20

Released on 2026-06-25.

Preview features

  • Allow human-readable names in rule selectors (#25887)
  • Emit a warning instead of an error for unknown rule selectors (#26113)
  • Match noqa shebang handling in ruff:ignore comments (#26286)
  • [ruff] Remove pytest-fixture-autouse (RUF076) (#26240, #26371)

Documentation

  • Add versioning sections to custom crate READMEs (#26317)
  • Update ruff_python_parser README for crates.io (#26315)
  • [perflint] Clarify that PERF402 applies to any iterable (#26242)

Contributors

0.15.19

Released on 2026-06-23.

Preview features

  • Support human-readable names when hovering suppression comments and in code actions (#26114)

Bug fixes

  • Fall back to default settings when editor-only settings are invalid (#26244)
  • Fix panic when inserting text at a notebook cell boundary (#26111)

Rule changes

  • [pylint] Update fix suggestions for __floor__, __trunc__, __length_hint__, and __matmul__ variants (PLC2801) (#26239)

Performance

  • Avoid allocating when parsing single string literals (#26200)
  • Avoid reallocating singleton call arguments (#26223)
  • Lazily create source files for lint diagnostics (#26226)
  • Optimize formatter text width and indentation (#26236)
  • Reserve capacity for builtin bindings (#26229)
  • Skip repeated-key checks for singleton dictionaries (#26228)
  • Use ArrayVec for qualified name segments (#26224)

... (truncated)

Commits
  • f82a36b Bump 0.15.20 (#26376)
  • af32943 Improve the summarise-ecosystem-results skill (#26378)
  • 485ebab Remove RUF076 name from schema (#26371)
  • ef81835 [ty] Implement rust-analyzer's "Click for full compiler diagnostic" feature (...
  • 572b31e [ruff] Remove pytest-fixture-autouse (RUF076) (#26240)
  • f703f21 Allow human-readable names in rule selectors (#25887)
  • 0d726b2 [ty] Reuse equality semantics for membership compatibility (#25955)
  • dbe6e98 [ty] Infer definite equality comparison results (#26337)
  • e700ea3 [ty] Prove TypedDict structural patterns exhaustive (#26285)
  • 6a0d2ec [ty] Widen inferred class-valued instance attributes (#26338)
  • Additional commits viewable in compare view

Updates pandas from 3.0.3 to 3.0.4

Release notes

Sourced from pandas's releases.

pandas 3.0.4

We are pleased to announce the release of pandas 3.0.4. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits
  • 8188eb1 RLS: 3.0.4 (#66079)
  • bd35f15 [3.0.x] BUG: fix CoW issue in eval() (#66072)
  • 6195872 [backport 3.0.x] BUG: anchor whole alternation in Series.str.match for PyArro...
  • 70313be Backport PR #66051 on branch 3.0.x (BUG: fix regression in DataFrame setitem ...
  • 57ed3e2 [backport 3.0.x] Bump pypa/cibuildwheel from 3.4.1 to 4.1.0 (#65934) (#66026)
  • f9693fc [backport 3.0.x] BUG(pandas 3.0 regression): drop(index=...) doesn't accept N...
  • 9760fff [backport 3.0.x] BUG: support for operations with custom objects / object dty...
  • f03f3ab [backport 3.0.x] ENH: fallback to zoneinfo Python API (for correct tz localiz...
  • 774a50d Backport PR #65066 on branch 3.0.x (BUG: escape SQL identifiers in ADBCDataba...
  • 15494e8 [3.0.x] BUG: fix segfault adding non-tick DateOffset to datetime data under t...
  • Additional commits viewable in compare view

Updates torch from 2.12.0 to 2.12.1

Release notes

Sourced from torch's releases.

PyTorch 2.12.1 Release, bug fix release

This release is meant to fix the following regressions and silent correctness issues:

Regression fixes

  • Fix nondeterministic outputs in test_batch_invariance with FLASH_ATTN on NVIDIA B200 GPUs (#181248), fixed by updating Triton to 3.7.1 (#186814)
  • Fix illegal memory access in the Triton convolution2d_bwd_weight kernel on B100/B200 (sm100) GPUs (#187081), fixed by updating Triton to 3.7.1 (#186814)
  • Fix fill_ on byte-dtype views with misaligned storage offset (#186821)

Releng / Build

  • Drop CPython 3.13t from the binary build matrix (#182951)
Commits

Updates ccxt from 4.5.58 to 4.5.62

Release notes

Sourced from ccxt's releases.

v4.5.62

What's Changed

New Contributors

Full Changelog: ccxt/ccxt@v4.5.61...v4.5.62

v4.5.61

What's Changed

Full Changelog: ccxt/ccxt@v4.5.60...v4.5.61

v4.5.60

What's Changed

... (truncated)

Commits
  • 4965ce2 [Automated changes] 4.5.62
  • d991315 [Automated changes] GO files
  • 16c8779 [Automated changes] C# files
  • 27a2af4 [Automated changes] Java files
  • a633c45 [Automated changes] JS files
  • e534134 [Automated changes] PHP files
  • 8720fcc [Automated changes] Python files
  • 89e0be7 fix(bingx): read trading-fee response after the API call in fetchTradingFee (...
  • d116ada [Automated changes] JS files
  • 1a53b03 feat(htx): V5 linear websocket support (#29017)
  • Additional commits viewable in compare view

Updates yfinance from 1.4.1 to 1.5.1

Release notes

Sourced from yfinance's releases.

1.5.1

Version 1.5.0 retracted - I forgot to merge in dev branch

Minor changes

  • Handle fundamentals fetch time-out
  • Optimise valuation-measures fetch

Patches

  • Login, info, price repair

Full changelog #2862

Thanks @​dokson @​avesed @​gyx09212214-prog @​HaozheZhang6 @​parthdongre @​joaopedroassad @​he-yufeng

Changelog

Sourced from yfinance's changelog.

Changelog

Unreleased

Commits

Updates redis from 8.0.0 to 8.0.1

Release notes

Sourced from redis's releases.

8.0.1

Changes

🐛 Bug Fixes

  • Fix Unix socket maintenance notification handling and tests (#4097)
  • Fix async cluster node connection release on write errors (#4111)
  • Fixed async MultiDBClient with underlying RedisCluster (#4108)
  • Fix hiredis readiness checks for high file descriptors (#4115)
  • fix(search): parse RESP3 FT.SEARCH responses with bytes-typed keys (#4109)
  • Fixing pubsub's listen method to be blocking. (#4119)
  • fix(asyncio): release pooled connection when Pipeline.reset() is cancelled (#4123)
  • Avoid per-check fd allocation in hiredis _socket_can_read() — use poll() instead of a per-call selector (#4118)

🧰 Maintenance

  • Updating PyJWT dependency. (#4100)
  • Update CI badge in README.md (#4099)
  • Add missing url query argument parser for ssl_min_version (#4047)
  • ci: least-privilege permissions on spellcheck (read) and stale-issues (job-level write for actions/stale) (#4080)
  • Bumping github-versions actions (#4102)
  • Updating lib version + supported Redis versions in README.md + updating the Redis versions in CI test matrix (#4092)

We'd like to thank all the contributors who worked on this release! @​violuke @​mokashang @​arpitjain099 @​coredumperror @​elena-kolevska @​vladvildanov @​petyaslavova

Commits
  • 7c0fd11 Updating lib version to 8.0.1
  • b7a4d7d Avoid per-check fd allocation in hiredis _socket_can_read() — use poll() ...
  • eec778e fix(asyncio): release pooled connection when Pipeline.reset() is cancelled (#...
  • 08e01bb Fixing pubsub's listen method to be blocking. (#4119)
  • 3d5257a fix(search): parse RESP3 FT.SEARCH responses with bytes-typed keys (#4109)
  • cce28ff Fix hiredis readiness checks for high file descriptors (#4115)
  • e20691c Fixed async MultiDBClient with underlying RedisCluster (#4108)
  • ea37fcc Fix async cluster node connection release on write errors (#4111)
  • f4146fa Updating lib version + supported Redis versions in README.md + updating the R...
  • d47674e Bumping github-versions actions (#4102)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

…h 7 updates

Bumps the python-minor-patch group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [pytest](https://github.com/pytest-dev/pytest) | `9.1.0` | `9.1.1` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.17` | `0.15.20` |
| [pandas](https://github.com/pandas-dev/pandas) | `3.0.3` | `3.0.4` |
| [torch](https://github.com/pytorch/pytorch) | `2.12.0` | `2.12.1` |
| [ccxt](https://github.com/ccxt/ccxt) | `4.5.58` | `4.5.62` |
| [yfinance](https://github.com/ranaroussi/yfinance) | `1.4.1` | `1.5.1` |
| [redis](https://github.com/redis/redis-py) | `8.0.0` | `8.0.1` |



Updates `pytest` from 9.1.0 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.1.0...9.1.1)

Updates `ruff` from 0.15.17 to 0.15.20
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.20)

Updates `pandas` from 3.0.3 to 3.0.4
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v3.0.3...v3.0.4)

Updates `torch` from 2.12.0 to 2.12.1
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.12.0...v2.12.1)

Updates `ccxt` from 4.5.58 to 4.5.62
- [Release notes](https://github.com/ccxt/ccxt/releases)
- [Commits](ccxt/ccxt@v4.5.58...v4.5.62)

Updates `yfinance` from 1.4.1 to 1.5.1
- [Release notes](https://github.com/ranaroussi/yfinance/releases)
- [Changelog](https://github.com/ranaroussi/yfinance/blob/main/CHANGELOG.md)
- [Commits](ranaroussi/yfinance@1.4.1...1.5.1)

Updates `redis` from 8.0.0 to 8.0.1
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v8.0.0...v8.0.1)

---
updated-dependencies:
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: ruff
  dependency-version: 0.15.20
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: pandas
  dependency-version: 3.0.4
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: torch
  dependency-version: 2.12.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: ccxt
  dependency-version: 4.5.62
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
- dependency-name: yfinance
  dependency-version: 1.5.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-minor-patch
- dependency-name: redis
  dependency-version: 8.0.1
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-minor-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 29, 2026
@dependabot dependabot Bot requested a review from magnaquant as a code owner June 29, 2026 16:47
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 29, 2026
@magnaquant

Copy link
Copy Markdown
Owner

Closing: this repository binds paper and expansion artifacts to poetry.lock and pyproject.toml (they are release-critical fingerprinted paths in paper/results/manifest.json and paper/expansion/results/manifest.json), and CI additionally verifies the requirements/ exports match poetry.lock. A lock-only bump therefore always fails the drift gate and the provenance tests by design. Dependency updates land via a coordinated refresh instead: edit pyproject.toml, run scripts/update_dependency_locks.sh, regenerate both artifact releases from a clean source commit, and merge as a reviewed PR. This bump will be included in the next coordinated refresh.

@magnaquant magnaquant closed this Jul 2, 2026
@dependabot @github

dependabot Bot commented on behalf of github Jul 2, 2026

Copy link
Copy Markdown
Contributor Author

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot Bot deleted the dependabot/pip/python-minor-patch-69447a502e branch July 2, 2026 05:18
magnaquant pushed a commit that referenced this pull request Jul 2, 2026
Lock-level updates within existing pyproject constraints: ccxt 4.5.63,
pytest 9.1.1, redis 8.0.1, ruff 0.15.20, torch 2.12.1 (with transitive
triton 3.7.1), and yfinance 1.5.1. pandas stays at 3.0.3 because 3.0.4 is
yanked on PyPI, so the computation stack (pandas, numpy, scipy,
scikit-learn) is unchanged by this refresh. pyproject.toml untouched.

Supersedes the routine portion of the closed Dependabot group PR #15;
requirements exports regenerated with the pinned Poetry toolchain. Release
artifacts are regenerated in the follow-up commit because poetry.lock is a
release-critical fingerprinted input.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant