From 2df585202d202898595c21a8608a12eab7c4b5e0 Mon Sep 17 00:00:00 2001
From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com>
Date: Tue, 23 Jun 2026 17:09:48 +0000
Subject: [PATCH 1/5] Bump the pip-dependencies group across 1 directory with
 32 updates

---
updated-dependencies:
- dependency-name: beautifulsoup4
  dependency-version: 4.15.0
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: black
  dependency-version: 25.11.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pip-dependencies
- dependency-name: celery
  dependency-version: 5.6.3
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: diskcache
  dependency-version: 5.6.3
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: fire
  dependency-version: 0.7.1
  dependency-type: direct:development
  dependency-group: pip-dependencies
- dependency-name: flake8
  dependency-version: 7.3.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
- dependency-name: flask
  dependency-version: 3.1.3
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: flask-talisman
  dependency-version: 1.1.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
- dependency-name: janus
  dependency-version: 2.0.0
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: jupyterlab
  dependency-version: 4.5.8
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: kombu
  dependency-version: 5.6.2
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: lxml
  dependency-version: 6.1.1
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: mimesis
  dependency-version: 12.1.0
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: mock
  dependency-version: 5.2.0
  dependency-type: direct:production
  update-type: version-update:semver-major
  dependency-group: pip-dependencies
- dependency-name: multiprocess
  dependency-version: 0.70.19
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: numpy
  dependency-version: 2.0.2
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: orjson
  dependency-version: 3.11.5
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: pandas
  dependency-version: 2.3.3
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: plotly
  dependency-version: 6.8.0
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: psutil
  dependency-version: 7.2.2
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: pydantic
  dependency-version: 2.13.4
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: pylint
  dependency-version: 3.3.9
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: pip-dependencies
- dependency-name: pyright
  dependency-version: 1.1.410
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: pip-dependencies
- dependency-name: pytest
  dependency-version: 8.4.2
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: pyyaml
  dependency-version: 6.0.3
  dependency-type: direct:development
  dependency-group: pip-dependencies
- dependency-name: pyzmq
  dependency-version: 27.1.0
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: redis
  dependency-version: 7.0.1
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: requests
  dependency-version: 2.32.5
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: selenium
  dependency-version: 4.36.0
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: typing-extensions
  dependency-version: 4.15.0
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: waitress
  dependency-version: 3.0.2
  dependency-type: direct:production
  dependency-group: pip-dependencies
- dependency-name: xlrd
  dependency-version: 2.0.2
  dependency-type: direct:production
  dependency-group: pip-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
---
 requirements/celery.txt    |  6 +++---
 requirements/ci.txt        | 26 +++++++++++++-------------
 requirements/dev.txt       |  4 ++--
 requirements/diskcache.txt |  6 +++---
 requirements/install.txt   | 10 +++++-----
 requirements/testing.txt   | 16 ++++++++--------
 6 files changed, 34 insertions(+), 34 deletions(-)

diff --git a/requirements/celery.txt b/requirements/celery.txt
index cd97a92bad..03a289705d 100644
--- a/requirements/celery.txt
+++ b/requirements/celery.txt
@@ -1,4 +1,4 @@
 # Dependencies used by the CeleryLongCallbackManager
-redis>=3.5.3,<=5.0.4
-kombu<5.4.0
-celery[redis]>=5.1.2,<5.4.0
+redis<=7.0.1,>=7.0.1
+kombu<5.7.0
+celery[redis]>=5.6.3,<5.7.0
diff --git a/requirements/ci.txt b/requirements/ci.txt
index 8e18280d04..a775b92024 100644
--- a/requirements/ci.txt
+++ b/requirements/ci.txt
@@ -1,23 +1,23 @@
 # Dependencies used by CI on github.com/plotly/dash
-black==22.3.0
-flake8==7.0.0
+black==25.11.0
+flake8==7.3.0
 flaky==3.8.1
-flask-talisman==1.0.0
+flask-talisman==1.1.0
 ipython<9.0.0
-mimesis<=11.1.0
-mock==4.0.3
-numpy<=1.26.3
-orjson>=3.10.11
+mimesis<=12.1.0
+mock==5.2.0
+numpy<=2.0.2
+orjson>=3.11.5
 openpyxl
-pandas>=1.4.0
+pandas>=2.3.3
 pyarrow
-pylint==3.0.3
+pylint==3.3.9
 pytest-mock
 pytest-split
 pytest-sugar==1.1.1
-pyzmq>=26.0.0
-xlrd>=2.0.1
+pyzmq>=27.1.0
+xlrd>=2.0.2
 pytest-rerunfailures
-jupyterlab<4.0.0
-pyright==1.1.398;python_version>="3.7"
+jupyterlab<5.0.0
+pyright==1.1.410;python_version>="3.7"
 mypy==1.15.0;python_version>="3.12"
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 22a770dca3..5c88573755 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -1,4 +1,4 @@
 # Dependencies used for development new Dash components
 coloredlogs>=15.0.1
-fire>=0.4.0
-PyYAML>=5.4.1
+fire>=0.7.1
+PyYAML>=6.0.3
diff --git a/requirements/diskcache.txt b/requirements/diskcache.txt
index 59be4d2b79..3bcda7365b 100644
--- a/requirements/diskcache.txt
+++ b/requirements/diskcache.txt
@@ -1,4 +1,4 @@
 # Dependencies used by the DiskcacheLongCallbackManager
-diskcache>=5.2.1
-multiprocess>=0.70.12
-psutil>=5.8.0
+diskcache>=5.6.3
+multiprocess>=0.70.19
+psutil>=7.2.2
diff --git a/requirements/install.txt b/requirements/install.txt
index 1dedc8662c..a72be76810 100644
--- a/requirements/install.txt
+++ b/requirements/install.txt
@@ -1,12 +1,12 @@
-Flask>=1.0.4,<3.2
+Flask>=3.1.3,<3.2
 Werkzeug<3.2
-plotly>=5.0.0
+plotly>=6.8.0
 importlib-metadata
-typing_extensions>=4.1.1
+typing_extensions>=4.15.0
 requests
 retrying
 nest-asyncio
 setuptools
-janus>=1.0.0
-pydantic>=2.10
+janus>=2.0.0
+pydantic>=2.13.4
 mcp>=1.23.0; python_version>="3.10"
diff --git a/requirements/testing.txt b/requirements/testing.txt
index 306ec4f0d6..b86946a52b 100644
--- a/requirements/testing.txt
+++ b/requirements/testing.txt
@@ -1,12 +1,12 @@
 # Dependencies necessary for utilizing Dash provided testing utilities
-beautifulsoup4>=4.8.2
+beautifulsoup4>=4.15.0
 cryptography
-lxml>=4.6.2
+lxml>=6.1.1
 percy-python-selenium>=1.0.0
-pytest>=6.0.2
-requests[security]>=2.21.0
-selenium>=3.141.0,<=4.2.0
-waitress>=1.4.4
-multiprocess>=0.70.12
-psutil>=5.8.0
+pytest>=8.4.2
+requests[security]>=2.32.5
+selenium<=4.36.0,>=4.36.0
+waitress>=3.0.2
+multiprocess>=0.70.19
+psutil>=7.2.2
 dash_testing_stub>=0.0.2

From c196c0dc96ed35b5d937684890b985b66ccf2f34 Mon Sep 17 00:00:00 2001
From: philippe <t4rk@outlook.com>
Date: Tue, 23 Jun 2026 13:19:01 -0400
Subject: [PATCH 2/5] fix pip dependabot

---
 .github/dependabot.yml | 5 +++++
 requirements/ci.txt    | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index c004e1c1d2..4ec887586f 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -157,3 +157,8 @@ updates:
         applies-to: security-updates
         patterns:
           - "*"
+    # jupyterlab is pinned <4.0.0: jupyterlab 4.x ships jlpm as Yarn Berry, which
+    # cannot consume @plotly/dash-jupyterlab's Yarn 1 lockfile and breaks the build.
+    ignore:
+      - dependency-name: "jupyterlab"
+        versions: [">=4.0.0"]
diff --git a/requirements/ci.txt b/requirements/ci.txt
index a775b92024..9b9c311184 100644
--- a/requirements/ci.txt
+++ b/requirements/ci.txt
@@ -18,6 +18,6 @@ pytest-sugar==1.1.1
 pyzmq>=27.1.0
 xlrd>=2.0.2
 pytest-rerunfailures
-jupyterlab<5.0.0
+jupyterlab<4.0.0
 pyright==1.1.410;python_version>="3.7"
 mypy==1.15.0;python_version>="3.12"

From b37fabf9f2f9b0bc805c64fa4020a8294905995e Mon Sep 17 00:00:00 2001
From: philippe <t4rk@outlook.com>
Date: Tue, 23 Jun 2026 14:42:39 -0400
Subject: [PATCH 3/5] fix pip dependabot

---
 .github/dependabot.yml   |  4 ++++
 requirements/install.txt | 10 +++++-----
 2 files changed, 9 insertions(+), 5 deletions(-)

diff --git a/.github/dependabot.yml b/.github/dependabot.yml
index 4ec887586f..b482fddb94 100644
--- a/.github/dependabot.yml
+++ b/.github/dependabot.yml
@@ -148,6 +148,10 @@ updates:
       day: "monday"
     cooldown:
       default-days: 14
+    # Keep lower bounds (e.g. Flask>=1.0.4 in install.txt) low: only raise a
+    # floor when the latest release is incompatible with the current range.
+    # Exact (==) pins in ci/dev/testing still update as normal.
+    versioning-strategy: increase-if-necessary
     groups:
       pip-dependencies:
         applies-to: version-updates
diff --git a/requirements/install.txt b/requirements/install.txt
index a72be76810..1dedc8662c 100644
--- a/requirements/install.txt
+++ b/requirements/install.txt
@@ -1,12 +1,12 @@
-Flask>=3.1.3,<3.2
+Flask>=1.0.4,<3.2
 Werkzeug<3.2
-plotly>=6.8.0
+plotly>=5.0.0
 importlib-metadata
-typing_extensions>=4.15.0
+typing_extensions>=4.1.1
 requests
 retrying
 nest-asyncio
 setuptools
-janus>=2.0.0
-pydantic>=2.13.4
+janus>=1.0.0
+pydantic>=2.10
 mcp>=1.23.0; python_version>="3.10"

From ba82120d01b951a26ac0f14d1141c28db1e5854e Mon Sep 17 00:00:00 2001
From: philippe <t4rk@outlook.com>
Date: Thu, 25 Jun 2026 10:05:34 -0400
Subject: [PATCH 4/5] reset pip minimums

---
 requirements/celery.txt    |  6 +++---
 requirements/dev.txt       |  4 ++--
 requirements/diskcache.txt |  6 +++---
 requirements/testing.txt   | 16 ++++++++--------
 4 files changed, 16 insertions(+), 16 deletions(-)

diff --git a/requirements/celery.txt b/requirements/celery.txt
index 03a289705d..cd97a92bad 100644
--- a/requirements/celery.txt
+++ b/requirements/celery.txt
@@ -1,4 +1,4 @@
 # Dependencies used by the CeleryLongCallbackManager
-redis<=7.0.1,>=7.0.1
-kombu<5.7.0
-celery[redis]>=5.6.3,<5.7.0
+redis>=3.5.3,<=5.0.4
+kombu<5.4.0
+celery[redis]>=5.1.2,<5.4.0
diff --git a/requirements/dev.txt b/requirements/dev.txt
index 5c88573755..22a770dca3 100644
--- a/requirements/dev.txt
+++ b/requirements/dev.txt
@@ -1,4 +1,4 @@
 # Dependencies used for development new Dash components
 coloredlogs>=15.0.1
-fire>=0.7.1
-PyYAML>=6.0.3
+fire>=0.4.0
+PyYAML>=5.4.1
diff --git a/requirements/diskcache.txt b/requirements/diskcache.txt
index 3bcda7365b..59be4d2b79 100644
--- a/requirements/diskcache.txt
+++ b/requirements/diskcache.txt
@@ -1,4 +1,4 @@
 # Dependencies used by the DiskcacheLongCallbackManager
-diskcache>=5.6.3
-multiprocess>=0.70.19
-psutil>=7.2.2
+diskcache>=5.2.1
+multiprocess>=0.70.12
+psutil>=5.8.0
diff --git a/requirements/testing.txt b/requirements/testing.txt
index b86946a52b..306ec4f0d6 100644
--- a/requirements/testing.txt
+++ b/requirements/testing.txt
@@ -1,12 +1,12 @@
 # Dependencies necessary for utilizing Dash provided testing utilities
-beautifulsoup4>=4.15.0
+beautifulsoup4>=4.8.2
 cryptography
-lxml>=6.1.1
+lxml>=4.6.2
 percy-python-selenium>=1.0.0
-pytest>=8.4.2
-requests[security]>=2.32.5
-selenium<=4.36.0,>=4.36.0
-waitress>=3.0.2
-multiprocess>=0.70.19
-psutil>=7.2.2
+pytest>=6.0.2
+requests[security]>=2.21.0
+selenium>=3.141.0,<=4.2.0
+waitress>=1.4.4
+multiprocess>=0.70.12
+psutil>=5.8.0
 dash_testing_stub>=0.0.2

From 573a87a08443e0424117555b73fea1897f5d2e4f Mon Sep 17 00:00:00 2001
From: philippe <t4rk@outlook.com>
Date: Thu, 25 Jun 2026 10:44:53 -0400
Subject: [PATCH 5/5] reset ci deps

---
 requirements/ci.txt | 24 ++++++++++++------------
 1 file changed, 12 insertions(+), 12 deletions(-)

diff --git a/requirements/ci.txt b/requirements/ci.txt
index 9b9c311184..8e18280d04 100644
--- a/requirements/ci.txt
+++ b/requirements/ci.txt
@@ -1,23 +1,23 @@
 # Dependencies used by CI on github.com/plotly/dash
-black==25.11.0
-flake8==7.3.0
+black==22.3.0
+flake8==7.0.0
 flaky==3.8.1
-flask-talisman==1.1.0
+flask-talisman==1.0.0
 ipython<9.0.0
-mimesis<=12.1.0
-mock==5.2.0
-numpy<=2.0.2
-orjson>=3.11.5
+mimesis<=11.1.0
+mock==4.0.3
+numpy<=1.26.3
+orjson>=3.10.11
 openpyxl
-pandas>=2.3.3
+pandas>=1.4.0
 pyarrow
-pylint==3.3.9
+pylint==3.0.3
 pytest-mock
 pytest-split
 pytest-sugar==1.1.1
-pyzmq>=27.1.0
-xlrd>=2.0.2
+pyzmq>=26.0.0
+xlrd>=2.0.1
 pytest-rerunfailures
 jupyterlab<4.0.0
-pyright==1.1.410;python_version>="3.7"
+pyright==1.1.398;python_version>="3.7"
 mypy==1.15.0;python_version>="3.12"