chore(deps): Bump the python-dependencies group across 1 directory with 5 updates

[dependabot]

Bumps the python-dependencies group with 5 updates in the / directory:

Package	From	To
bigframes	2.27.0	2.30.0
pandera	0.26.1	0.27.0
numpy	2.3.4	2.3.5
mypy	1.18.2	1.19.0
ruff	0.14.2	0.14.8

Updates bigframes from 2.27.0 to 2.30.0

Release notes

Sourced from bigframes's releases.

bigframes 2.30.0

2.30.0 (2025-12-03)

Features

• Support mixed scalar-analytic expressions (#2239) (20ab469d)

• Allow drop_duplicates over unordered dataframe (#2303) (52665fa5)

• Preserve source names better for more readable sql (#2243) (64995d65)

• use end user credentials for bigframes.bigquery.ai functions when connection_id is not present (#2272) (7c062a68)

• pivot_table supports fill_value arg (#2257) (8f490e68)

• Support builtins funcs for df.agg (#2256) (956a5b00)

• add bigquery.json_keys (#2286) (b487cf1f)

• Add agg/aggregate methods to windows (#2288) (c4cb39dc)

• Add bigframes.pandas.crosstab (#2231) (c62e5535)

• Implement single-column sorting for interactive table widget (#2255) (d1ecc61b)

Bug Fixes

• Pass credentials properly for read api instantiation (#2280) (3e3fe259)

• Update max_instances default to reflect actual value (#2302) (4489687e)

• Improve Anywidget pagination and display for unknown row counts (#2258) (508deae5)

• Fix issue with stream upload batch size upload limit (#2290) (6cdf64b0)

• calling info() on empty dataframes no longer leads to errors (#2267) (95a83f77)

• do not warn with DefaultIndexWarning in partial ordering mode (#2230) (cc2dbae6)

Documentation

• update docs and tests for Gemini 2.5 models (#2279) (08c0c0c8)

• Add Google Analytics configuration to conf.py (#2301) (0b266da1)

• fix LogisticRegression docs rendering (#2295) (32e53134)

• update API reference to new dataframes.bigquery.dev location (#2293) (da064397)

• use autosummary to split documentation pages (#2251) (f7fd2d20)

... (truncated)

Changelog

Sourced from bigframes's changelog.

2.30.0 (2025-12-03)

Documentation

• Add Google Analytics configuration to conf.py (#2301) (0b266da10f4d3d0ef9b4dd71ddadebfc7d5064ca)
• fix LogisticRegression docs rendering (#2295) (32e531343c764156b45c6fb9de49793d26c19f02)
• update API reference to new dataframes.bigquery.dev location (#2293) (da064397acd2358c16fdd9659edf23afde5c882a)
• use autosummary to split documentation pages (#2251) (f7fd2d20896fe3e0e210c3833b6a4c3913270ebc)
• update docs and tests for Gemini 2.5 models (#2279) (08c0c0c8fe8f806f6224dc403a3f1d4db708573a)

Features

• Allow drop_duplicates over unordered dataframe (#2303) (52665fa57ef13c58254bfc8736afcc521f7f0f11)
• Add agg/aggregate methods to windows (#2288) (c4cb39dcbd388356f5f1c48ff28b19b79b996485)
• Implement single-column sorting for interactive table widget (#2255) (d1ecc61bf448651a0cca0fc760673da54f5c2183)
• add bigquery.json_keys (#2286) (b487cf1f6ecacb1ee3b35ffdd934221516bbd558)
• use end user credentials for bigframes.bigquery.ai functions when connection_id is not present (#2272) (7c062a68c6a3c9737865985b4f1fd80117490c73)
• pivot_table supports fill_value arg (#2257) (8f490e68a9a2584236486060ad3b55923781d975)
• Support mixed scalar-analytic expressions (#2239) (20ab469d29767a2f04fe02aa66797893ecd1c539)
• Support builtins funcs for df.agg (#2256) (956a5b00dff55b73e3cbebb4e6e81672680f1f63)
• Preserve source names better for more readable sql (#2243) (64995d659837a8576b2ee9335921904e577c7014)
• Add bigframes.pandas.crosstab (#2231) (c62e5535ed4c19b6d65f9a46cb1531e8099621b2)

Bug Fixes

• Update max_instances default to reflect actual value (#2302) (4489687eafc9a1ea1b985600010296a4245cef94)
• Fix issue with stream upload batch size upload limit (#2290) (6cdf64b0674d0e673f86362032d549316850837b)
• Pass credentials properly for read api instantiation (#2280) (3e3fe259567d249d91f90786a577b05577e2b9fd)
• Improve Anywidget pagination and display for unknown row counts (#2258) (508deae5869e06cdad7bb94537c9c58d8f083d86)
• calling info() on empty dataframes no longer leads to errors (#2267) (95a83f7774766cd19cb583dfaa3417882b5c9b1e)
• do not warn with DefaultIndexWarning in partial ordering mode (#2230) (cc2dbae684103a21fe8838468f7eb8267188780d)

2.29.0 (2025-11-10)

Features

• Add bigframes.bigquery.st_regionstats to join raster data from Earth Engine (#2228) (10ec52f)
• Add DataFrame.resample and Series.resample (#2213) (c9ca02c)
• SQL Cell no longer escapes formatted string values (#2245) (d2d38f9)
• Support left_index and right_index for merge (#2220) (da9ba26)

Bug Fixes

• Correctly iterate over null struct values in ManagedArrowTable (#2209) (12e04d5)
• Simplify UnsupportedTypeError message (#2212) (6c9a18d)

... (truncated)

Commits

• 37c685d chore: release 2.30.0 (#2308)
• cca20ea fix: Fix reset_index level=0 bugs (#2307)
• 52665fa feat: Allow drop_duplicates over unordered dataframe (#2303)
• 41630b5 refactor: Migrate DataFrame display to use IPython's repr_mimebundle() prot...
• 0b266da docs: Add Google Analytics configuration to conf.py (#2301)
• a211753 chore: fix librarian release current version (#2305)
• 4489687 fix: Update max_instances default to reflect actual value (#2302)
• aae1b04 refactor: fix some string ops in the sqlglot compiler. (#2299)
• 33a211e refactor: fix agg_ops.DiffOp for Datetime and Timestamp (#2296)
• 9e0f70b refactor: fix ops.StrftimeOp, ops.ToDatetimeOp, ops.ToTimestampOp in sqlglot ...
• Additional commits viewable in compare view

Updates pandera from 0.26.1 to 0.27.0

Commits

• ff8674a Use Ruff instead of Black, pyupgrade and isort (#2171)
• 496a7cb add codecov token to ci (#2175)
• b48e0e3 fix: remove pandas.concat signature hook (#2173)
• 597fea7 optimize pandas MultiIndex validation by avoiding materializing level values ...
• cc6f119 Support Python 3.14 (#2158)
• 34dbe2d Implement drop_invalid_rows for the Ibis backend (#2151)
• a7d709e Fix: Add enum.Enum serialization support for to_json() (#2163)
• 46f2258 Do not pass removed name argument to memtables (#2162)
• 3336db3 Bugfix/1994 Error loading frictionless schema (#2159)
• 48ba659 feat: create empty dataframe with index (and multiindex) when present in the ...
• Additional commits viewable in compare view

Updates numpy from 2.3.4 to 2.3.5

Release notes

Sourced from numpy's releases.

2.3.5 (Nov 16, 2025)

NumPy 2.3.5 Release Notes

The NumPy 2.3.5 release is a patch release split between a number of maintenance updates and bug fixes. This release supports Python versions 3.11-3.14.

Contributors

A total of 10 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Aaron Kollasch +
• Charles Harris
• Joren Hammudoglu
• Matti Picus
• Nathan Goldbaum
• Rafael Laboissière +
• Sayed Awad
• Sebastian Berg
• Warren Weckesser
• Yasir Ashfaq +

Pull requests merged

A total of 16 pull requests were merged for this release.

• #29979: MAINT: Prepare 2.3.x for further development
• #30026: SIMD, BLD: Backport FPMATH mode on x86-32 and filter successor...
• #30029: MAINT: Backport write_release.py
• #30041: TYP: Various typing updates
• #30059: BUG: Fix np.strings.slice if stop=None or start and stop >= len...
• #30063: BUG: Fix np.strings.slice if start > stop
• #30076: BUG: avoid negating INT_MIN in PyArray_Round implementation (#30071)
• #30090: BUG: Fix resize when it contains references (#29970)
• #30129: BLD: update scipy-openblas, use -Dpkg_config_path (#30049)
• #30130: BUG: Avoid compilation error of wrapper file generated with SWIG...
• #30157: BLD: use scipy-openblas 0.3.30.7 (#30132)
• #30158: DOC: Remove nonexistent order parameter docs of ma.asanyarray...
• #30185: BUG: Fix check of PyMem_Calloc return value. (#30176)
• #30217: DOC: fix links for newly rebuilt numpy-tutorials site
• #30218: BUG: Fix build on s390x with clang (#30214)
• #30237: ENH: Make FPE blas check a runtime check for all apple arm systems

Commits

• c3d60fc Merge pull request #30238 from charris/prepare-2.3.5
• 11451fa REL: Prepare for the NumPy 2.3.5 release
• eab5bd4 Merge pull request #30237 from charris/backport-30102
• 7cea31a Fixup merge of multiarraymodule.c
• b898173 Update numpy/_core/src/common/blas_utils.h
• f755483 Report FPE ignoring in matmul in show_runtime()
• c47116f Move test to Python
• bd7b93f ooops, needs to be a calloc of course.
• 83a1517 Guard for HAVE_CBLAS and always compile the helpers
• ab680ef ENH: Make FPE blas check a runtime check for all arm systems
• Additional commits viewable in compare view

Updates mypy from 1.18.2 to 1.19.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Drop Support for Python 3.9

Mypy no longer supports running with Python 3.9, which has reached end-of-life. When running mypy with Python 3.10+, it is still possible to type check code that needs to support Python 3.9 with the --python-version 3.9 argument. Support for this will be dropped in the first half of 2026!

Contributed by Marc Mueller (PR 20156).

Mypy 1.19

We’ve just uploaded mypy 1.19.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

Python 3.9 Support Ending Soon

This is the last mypy feature release that supports Python 3.9, which reached end of life in October 2025.

Performance Improvements

• Switch to a more dynamic SCC processing logic (Ivan Levkivskyi, PR 20053)
• Speed up type aliases (Ivan Levkivskyi, PR 19810)

Fixed‑Format Cache Improvements

Mypy uses a cache by default to speed up incremental runs by reusing partial results from earlier runs. Mypy 1.18 added a new binary fixed-format cache representation as an experimental feature. The feature is no longer experimental, and we are planning to enable it by default in a future mypy release (possibly 1.20), since it's faster and uses less space than the original, JSON-based cache format. Use --fixed-format-cache to enable the fixed-format cache.

Mypy now has an extra dependency on the librt PyPI package, as it's needed for cache serialization and deserialization.

Mypy ships with a tool to convert fixed-format cache files to the old JSON format. Example of how to use this:

$ python -m mypy.exportjson .mypy_cache/.../my_module.data.ff

... (truncated)

Commits

• 0f068c9 Remove +dev
• 6d5cf52 Various updates to 1.19 changelog (#20304)
• 3c81308 Add draft version of 1.19 release notes (#20296)
• 1999a20 [mypyc] librt base64: use existing SIMD CPU dispatch by customizing build fla...
• 1b94fbb [mypyc] Fix vtable pointer with inherited dunder new (#20302)
• 13369cb [mypyc] Fix crash on super in generator (#20291)
• a087a58 Update import map when new modules added (#20271)
• 35e843c [mypyc] Add efficient librt.base64.b64decode (#20263)
• 094f66d [mypyc] Add repr to AssignmentTarget subclasses (#20258)
• 0738db3 Do not push partial types to the binder (#20202)
• Additional commits viewable in compare view

Updates ruff from 0.14.2 to 0.14.8

Release notes

Sourced from ruff's releases.

0.14.8

Release Notes

Released on 2025-12-04.

Preview features

• [flake8-bugbear] Catch yield expressions within other statements (B901) (#21200)
• [flake8-use-pathlib] Mark fixes unsafe for return type changes (PTH104, PTH105, PTH109, PTH115) (#21440)

Bug fixes

• Fix syntax error false positives for await outside functions (#21763)
• [flake8-simplify] Fix truthiness assumption for non-iterable arguments in tuple/list/set calls (SIM222, SIM223) (#21479)

Documentation

• Suggest using --output-file option in GitLab integration (#21706)

Other changes

• [syntax-error] Default type parameter followed by non-default type parameter (#21657)

Contributors

• @​kieran-ryan
• @​11happy
• @​danparizher
• @​ntBre

Install ruff 0.14.8

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.14.8/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://github.com/astral-sh/ruff/releases/download/0.14.8/ruff-installer.ps1 | iex"

Download ruff 0.14.8

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.14.8

Released on 2025-12-04.

Preview features

• [flake8-bugbear] Catch yield expressions within other statements (B901) (#21200)
• [flake8-use-pathlib] Mark fixes unsafe for return type changes (PTH104, PTH105, PTH109, PTH115) (#21440)

Bug fixes

• Fix syntax error false positives for await outside functions (#21763)
• [flake8-simplify] Fix truthiness assumption for non-iterable arguments in tuple/list/set calls (SIM222, SIM223) (#21479)

Documentation

• Suggest using --output-file option in GitLab integration (#21706)

Other changes

• [syntax-error] Default type parameter followed by non-default type parameter (#21657)

Contributors

• @​kieran-ryan
• @​11happy
• @​danparizher
• @​ntBre

0.14.7

Released on 2025-11-28.

Preview features

• [flake8-bandit] Handle string literal bindings in suspicious-url-open-usage (S310) (#21469)
• [pylint] Fix PLR1708 false positives on nested functions (#21177)
• [pylint] Fix suppression for empty dict without tuple key annotation (PLE1141) (#21290)
• [ruff] Add rule RUF066 to detect unnecessary class properties (#21535)
• [ruff] Catch more dummy variable uses (RUF052) (#19799)

Bug fixes

• [server] Set severity for non-rule diagnostics (#21559)
• [flake8-implicit-str-concat] Avoid invalid fix in (ISC003) (#21517)
• [parser] Fix panic when parsing IPython escape command expressions (#21480)

CLI

• Show partial fixability indicator in statistics output (#21513)

... (truncated)

Commits

• 9d4f1c6 Bump 0.14.8 (#21791)
• 326025d [ty] Always register rename provider if client doesn't support dynamic regist...
• 3aefe85 [ty] Ensure rename CursorTest calls can_rename before renaming (#21790)
• b8ecc83 Fix clippy errors on main (#21788)
• 6491932 [ty] Fix crash when hovering an unknown string annotation (#21782)
• a9f2bb4 [ty] Don't send publish diagnostics for clients supporting pull diagnostics (...
• e2b72fb [ty] cleanup test path (#21781)
• 14fce0d [ty] Improve the display of various special-form types (#21775)
• 8ebecb2 [ty] Add subdiagnostic hint if the user wrote X = Any rather than X: Any ...
• 45ac30a [ty] Teach ty the meaning of desperation (try ancestor pyproject.tomls as...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: python. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.