Bump the python-packages group with 5 updates

[dependabot]

Bumps the python-packages group with 5 updates:

Package	From	To
pandas	2.3.3	3.0.2
sqlglot	30.4.3	30.6.0
filelock	3.25.2	3.29.0
ruff	0.15.10	0.15.11
ty	0.0.29	0.0.32

Updates pandas from 2.3.3 to 3.0.2

Release notes

Sourced from pandas's releases.

pandas 3.0.2

We are pleased to announce the release of pandas 3.0.2. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.1

We are pleased to announce the release of pandas 3.0.1. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.0

We are pleased to announce the release of pandas 3.0.0, a major release from the pandas 2.x series. This release includes various new features, bug fixes, and performance improvements, as well as possible breaking changes.

The pandas 3.0 release removed a functionality that was deprecated in previous releases. It is recommended to first upgrade to pandas 2.3 and to ensure your code is working without warnings, before upgrading to pandas 3.0.

Highlights include:

• Dedicated string data type by default
• Consistent copy/view behaviour with Copy-on-Write (CoW) (a.k.a. getting rid of the SettingWithCopyWarning)
• New default resolution for datetime-like data
• Initial support for the new pd.col syntax

... (truncated)

Commits

• ab90747 RLS: 3.0.2 (#64934)
• 6f27013 Backport PR #64931 on branch 3.0.x (DOC/BLD: temporary disable upload of docs...
• 48ddc60 Backport PR #64664 on branch 3.0.x (BUG: DataFrame.sum() crashes on empty Dat...
• 8774488 [backport 3.0.x] PERF: fix slow python loop in validation for ArrowStringArra...
• 33af6cc Backport PR #64133 on branch 3.0.x (BUG: str.find returns byte offset instead...
• 4ef49d8 [backport 3.0.x] BUG: fix convert_dtypes dropping values from sliced mixed-dt...
• 0668f34 [backport 3.0.x] BUG: Fix HDFStore.put with StringDtype columns and compressi...
• 23f2f44 [backport 3.0.x] BUG: Suppress unnecessary RuntimeWarning in to_datetime with...
• 83ba804 Backport PR #64886: BUG: Compute Variance of Complex Numbers Correctly (#64892)
• bb5ca1a Backport PR #64386 on branch 3.0.x (BUG: fix sort_index AssertionError with R...
• Additional commits viewable in compare view

Updates sqlglot from 30.4.3 to 30.6.0

Commits

• dcf9ed5 Feat(mypyc)!: compile python generator (#7528)
• 8e5e255 Fix(postgres): dotted function calls in create trigger ddls closes #7527
• 08ea329 Chore: avoid git submodule errors when publishing API docs (#7526)
• 817f12a Sync w/ integration tests
• 583a72f Update CHANGELOG.md for v30.5.0 [skip ci]
• 64d385f Sync w/ integration tests
• 6da9653 fix(optimizer): support bigquery type inference for unnest + array + struct (...
• d289db3 feat(starrocks)!: stop eliminating semi/anti joins, QUALIFY, and FULL OUTER J...
• f8af9d6 Sync w/ integration tests
• ceb14fa feat(duckdb): Add transpilation unsupported for SOUNDEX function (#7517)
• Additional commits viewable in compare view

Updates filelock from 3.25.2 to 3.29.0

Release notes

Sourced from filelock's releases.

3.29.0

What's Changed

• 🐛 fix(async): use single-thread executor for lock consistency by @​gaborbernat in tox-dev/filelock#533
• ✨ feat(soft): enable stale lock detection on Windows by @​gaborbernat in tox-dev/filelock#534

Full Changelog: tox-dev/filelock@3.28.0...3.29.0

3.28.0

What's Changed

• 🐛 fix(ci): unbreak release workflow, publish to PyPI again by @​gaborbernat in tox-dev/filelock#529

Full Changelog: tox-dev/filelock@3.27.0...3.28.0

3.27.0

What's Changed

• ✨ feat(rw): add SoftReadWriteLock for NFS and HPC clusters by @​gaborbernat in tox-dev/filelock#528

Full Changelog: tox-dev/filelock@3.26.1...3.27.0

3.26.1

What's Changed

• 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handling by @​naarob in tox-dev/filelock#518

New Contributors

• @​naarob made their first contribution in tox-dev/filelock#518

Full Changelog: tox-dev/filelock@3.26.0...3.26.1

3.26.0

What's Changed

• 🔒 ci(workflows): add zizmor security auditing by @​gaborbernat in tox-dev/filelock#517
• 🔧 fix(ci): restore git credentials for release job by @​gaborbernat in tox-dev/filelock#520
• ✨ feat(soft): add PID inspection and lock breaking by @​gaborbernat in tox-dev/filelock#524

Full Changelog: tox-dev/filelock@3.25.2...3.26.0

Changelog

Sourced from filelock's changelog.

########### Changelog ###########

---

3.29.0 (2026-04-19)

---

• ✨ feat(soft): enable stale lock detection on Windows :pr:534
• 🐛 fix(async): use single-thread executor for lock consistency :pr:533
• build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 :pr:530 - by :user:dependabot[bot]

---

3.28.0 (2026-04-14)

---

• 🐛 fix(ci): unbreak release workflow, publish to PyPI again :pr:529

---

3.26.1 (2026-04-09)

---

• 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handling :pr:518 - by :user:naarob
• build(deps): bump pypa/gh-action-pypi-publish from 1.13.0 to 1.14.0 :pr:525 - by :user:dependabot[bot]

---

3.26.0 (2026-04-06)

---

• ✨ feat(soft): add PID inspection and lock breaking :pr:524
• [pre-commit.ci] pre-commit autoupdate :pr:523 - by :user:pre-commit-ci[bot]
• build(deps): bump astral-sh/setup-uv from 7.6.0 to 8.0.0 :pr:522 - by :user:dependabot[bot]
• Remove persist-credentials: false from release job :pr:520
• [pre-commit.ci] pre-commit autoupdate :pr:519 - by :user:pre-commit-ci[bot]
• 🔒 ci(workflows): add zizmor security auditing :pr:517
• [pre-commit.ci] pre-commit autoupdate :pr:516 - by :user:pre-commit-ci[bot]
• [pre-commit.ci] pre-commit autoupdate :pr:514 - by :user:pre-commit-ci[bot]

---

3.25.2 (2026-03-11)

---

• 🐛 fix(unix): suppress EIO on close in Docker bind mounts :pr:513

---

3.25.1 (2026-03-09)

---

• [pre-commit.ci] pre-commit autoupdate :pr:510 - by :user:pre-commit-ci[bot]
• 🐛 fix(win): restore best-effort lock file cleanup on release :pr:511

... (truncated)

Commits

• 469b47f Release 3.29.0
• e85d072 ✨ feat(soft): enable stale lock detection on Windows (#534)
• f5ee171 🐛 fix(async): use single-thread executor for lock consistency (#533)
• 2a95458 build(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#530)
• 55de20c Release 3.28.0
• 476b0e4 🐛 fix(ci): unbreak release workflow, publish to PyPI again (#529)
• 824713e ✨ feat(rw): add SoftReadWriteLock for NFS and HPC clusters (#528)
• 9879de9 [pre-commit.ci] pre-commit autoupdate (#527)
• 4cfab49 Release 3.26.1
• 734c9f2 🐛 fix(asyncio): add exit to BaseAsyncFileLock and fix del loop handli...
• Additional commits viewable in compare view

Updates ruff from 0.15.10 to 0.15.11

Release notes

Sourced from ruff's releases.

0.15.11

Release Notes

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Install ruff 0.15.11

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ruff/releases/download/0.15.11/ruff-installer.ps1 | iex"

Download ruff 0.15.11

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.11

Released on 2026-04-16.

Preview features

• [ruff] Ignore RUF029 when function is decorated with asynccontextmanager (#24642)
• [airflow] Implement airflow-xcom-pull-in-template-string (AIR201) (#23583)
• [flake8-bandit] Fix S103 false positives and negatives in mask analysis (#24424)

Bug fixes

• [flake8-async] Omit overridden methods for ASYNC109 (#24648)

Documentation

• [flake8-async] Add override mention to ASYNC109 docs (#24666)
• Update Neovim config examples to use vim.lsp.config (#24577)

Contributors

• @​augustelalande
• @​anishgirianish
• @​benberryallwood
• @​charliermarsh
• @​Dev-iL

Commits

• 53554b1 Bump 0.15.11 (#24678)
• 08c56c8 Factor out the mdtest crate (#24616)
• 725fbb7 [ty] Use partially qualified names when reporting diagnostics regarding bad c...
• ddd6a30 [ty] Do not suggest argument completion when at value of keyword argument (#2...
• 9282e61 Disallow @​disjoint_base on TypedDicts and Protocols (#24671)
• e9986d8 [ty] Reject using properties with Never setters or deleters (#24510)
• 9cf212f [ty] Normalize property setter and deleter wrappers (#24509)
• 12a1589 Add override mention to ASYNC109 docs (#24666)
• dccb03d [ty] Avoid panicking on overloaded Callable type context (#24661)
• 61f9a0a [ty] Sync vendored typeshed stubs (#24646)
• Additional commits viewable in compare view

Updates ty from 0.0.29 to 0.0.32

Release notes

Sourced from ty's releases.

0.0.32

Release Notes

Released on 2026-04-20.

Bug fixes

• Fix panic when __get__ uses Concatenate self-type and wraps a __call__ (#24692)
• Avoid panicking on overloaded Callable type context (#24661)
• Expand class bases in per-base lint checks (#24695, #24699)
• Fix stack overflow for binary operator inference involving recursive types (#24551)

LSP server

• Dim out unreachable code in IDEs (#24580)
• Do not suggest argument completion when typing the value of a keyword argument (#24669)
• Retrieve the docstring from the overload implementation if an @overload-decorated function has no docstring (#23920)

Core type checking

• Allow if statements in TypedDict bodies (#24702)
• Disallow @disjoint_base on TypedDicts and Protocols (#24671)
• Do not consider a subclass of a @dataclass_transform-decorated class to have dataclass-like semantics if it has type in its MRO (#24679)
• Reject using properties with Never setters or deleters (#24510)
• Sync vendored typeshed stubs (#24646). Typeshed diff

Diagnostics

• Show error context for assignability diagnostics (#24309)
• Use partially qualified names when reporting diagnostics regarding bad calls to methods (#24560)
• Reduce source code context window to zero (#24689)
• Merge same-file annotations if there is only a single line separating them (#24694)

Performance

• Memoize binary operator return types (#24700)
• Gate protocol compatibility on member count (#24684)

Contributors

• @​JelleZijlstra
• @​kc0506
• @​denyszhak
• @​carljm
• @​dcreager
• @​AlexWaygood
• @​dylwil3
• @​charliermarsh
• @​sharkdp
• @​ibraheemdev

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.32

Released on 2026-04-20.

Bug fixes

• Fix panic when __get__ uses Concatenate self-type and wraps a __call__ (#24692)
• Avoid panicking on overloaded Callable type context (#24661)
• Expand class bases in per-base lint checks (#24695, #24699)
• Fix stack overflow for binary operator inference involving recursive types (#24551)

LSP server

• Dim out unreachable code in IDEs (#24580)
• Do not suggest argument completion when typing the value of a keyword argument (#24669)
• Retrieve the docstring from the overload implementation if an @overload-decorated function has no docstring (#23920)

Core type checking

• Allow if statements in TypedDict bodies (#24702)
• Disallow @disjoint_base on TypedDicts and Protocols (#24671)
• Do not consider a subclass of a @dataclass_transform-decorated class to have dataclass-like semantics if it has type in its MRO (#24679)
• Reject using properties with Never setters or deleters (#24510)
• Sync vendored typeshed stubs (#24646). Typeshed diff

Diagnostics

• Show error context for assignability diagnostics (#24309)
• Use partially qualified names when reporting diagnostics regarding bad calls to methods (#24560)
• Reduce source code context window to zero (#24689)
• Merge same-file annotations if there is only a single line separating them (#24694)

Performance

• Memoize binary operator return types (#24700)
• Gate protocol compatibility on member count (#24684)

Contributors

• @​JelleZijlstra
• @​kc0506
• @​denyszhak
• @​carljm
• @​dcreager
• @​AlexWaygood
• @​dylwil3
• @​charliermarsh
• @​sharkdp
• @​ibraheemdev

... (truncated)

Commits

• 4d1e1fc Bump version to 0.0.32 (#3302)
• a537bde Update PyO3/maturin-action action to v1.51.0 (#3300)
• 81e4125 Update actions/upload-artifact action to v7.0.1 (#3296)
• a9dd1cb Update docker/build-push-action action to v7.1.0 (#3299)
• ef0a7dd Update actions/github-script action to v9 (#3301)
• 74f0583 Update astral-sh/setup-uv action to v8.1.0 (#3298)
• 82799cc Update prek dependencies (#3297)
• daaa404 Bump version to 0.0.31 (#3280)
• 12e86b5 Bump version to 0.0.30 (#3270)
• 67077ad Reorder sections in FAQ (#3267)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

Summary by cubic

Upgrade Python deps for stability and performance. Notably, pandas is bumped to 3.0.2 (Python 3.11+), which drops the pytz dependency and may include breaking changes.

• Dependencies

  • pandas 2.3.3 → 3.0.2
  • sqlglot 30.4.3 → 30.6.0
  • filelock 3.25.2 → 3.29.0
  • ruff 0.15.10 → 0.15.11
  • ty 0.0.29 → 0.0.32

• Migration

  • Ensure CI and runtime use Python 3.11+.
  • Run tests to catch removed/deprecated pandas APIs and behavior changes (e.g., string dtype default, datetime resolution, Copy-on-Write).
  • Replace any pytz usage with zoneinfo (install tzdata if needed on Windows).

^{Written for commit 8a70d10. Summary will update on new commits.}

[cubic-dev-ai]

No issues found across 1 file

Architecture diagram

sequenceDiagram
    participant App as Application Code
    participant SQL as sqlglot (v30.6.0)
    participant Lock as filelock (v3.29.0)
    participant PD as pandas (v3.0.2)
    participant OS as OS / File System

    Note over App,PD: Runtime Data Processing Flow

    App->>SQL: Transpile Query
    SQL->>SQL: CHANGED: Improved dialect-specific<br/>inference (e.g., BigQuery UNNEST)
    SQL-->>App: SQL String

    App->>Lock: Acquire File Lock
    alt NEW: Windows Environment
        Lock->>OS: NEW: Check for stale locks via PID
    else Async Context
        Lock->>Lock: CHANGED: Use single-thread executor<br/>for consistency
    end
    Lock-->>App: Lock Granted

    App->>PD: Load Data (CSV/SQL/Arrow)
    PD->>PD: NEW: Default to dedicated<br/>StringDtype (Arrow-backed)
    PD-->>App: DataFrame

    App->>PD: Perform Slice and Modification
    alt Copy-on-Write (CoW) Enabled
        PD->>PD: NEW: Deferred copy on modification<br/>(Avoids SettingWithCopyWarning)
    else Datetime Handling
        PD->>PD: NEW: Inference of higher<br/>resolution datetime units
    end
    PD-->>App: Modified DataFrame

    App->>Lock: Release Lock
    Lock-->>App: Success

Loading