Skip to content

Bump the python-production group in /pydatalab with 3 updates#1704

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/pydatalab/main/python-production-61e59a9987
Open

Bump the python-production group in /pydatalab with 3 updates#1704
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/pydatalab/main/python-production-61e59a9987

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot Bot commented on behalf of github May 1, 2026

Bumps the python-production group in /pydatalab with 3 updates: matplotlib, pymongo and transformers.

Updates matplotlib from 3.10.8 to 3.10.9

Release notes

Sourced from matplotlib's releases.

v3.10.9

This is a micro release of the v3.10.x series. Highlights of this release include:

  • Various minor bug and doc fixes
  • Security hardening validation of cyclers - Removing eval usage
  • Security hardening in Latex and PS calls - Removing shell escapes
Commits
  • dd8d78b REL: v3.10.9
  • 2fb1891 REL: Release prep v3.10.9
  • d0e923a Merge branch 'v3.10.8-doc' into v3.10.x
  • 1637932 Merge pull request #31558 from meeseeksmachine/auto-backport-of-pr-31556-on-v...
  • a83faac Backport PR #31556: FIX: Inverted PyErr_Occurred check in enum type caster (_...
  • a4f57ab Merge pull request #31545 from ksunden/backport-of-pr-31282-on-v3.10.x
  • 063288d Merge pull request #31544 from ksunden/backport-of-pr-31248-on-v3.10.x
  • b2ed196 Backport PR #31248: SEC: Remove eval() from validate_cycler
  • acc6024 Merge pull request #31282 from scottshambaugh/tex_no_shell
  • e3fb541 Merge pull request #31078 from meeseeksmachine/auto-backport-of-pr-31075-on-v...
  • Additional commits viewable in compare view

Updates pymongo from 4.16.0 to 4.17.0

Release notes

Sourced from pymongo's releases.

PyMongo 4.17.0

Community notes

What's Changed

... (truncated)

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.17.0 (2026/04/20)

PyMongo 4.17 brings a number of changes including:

  • has_key, iterkeys and itervalues in :class:bson.son.SON have been deprecated and will be removed in PyMongo 5.0. These methods were deprecated in favor of the standard dictionary containment operator in and the keys() and values() methods, respectively.
  • Added the :meth:~pymongo.asynchronous.client_session.AsyncClientSession.bind and :meth:~pymongo.client_session.ClientSession.bind methods that allow users to bind a session to all database operations within the scope of a context manager instead of having to explicitly pass the session to each individual operation. See the Transactions docs <https://www.mongodb.com/docs/languages/python/pymongo-driver/current/crud/transactions/#methods>_ for examples and more information.
  • Added support for MongoDB's Intelligent Workload Management (IWM) and ingress connection rate limiting features. The driver now gracefully handles write-blocking scenarios and optimizes connection establishment during high-load conditions to maintain application availability. See the IWM <https://www.mongodb.com/docs/atlas/intelligent-workload-management>_ or Overload Errors <https://www.mongodb.com/docs/atlas/overload-errors/?interface=driver&language=python>_ docs for more information.
Commits
  • f2103a9 Prep branch v4.17
  • 3491c08 PYTHON-5801 - Update changelog for 4.17 release (#2762)
  • 912ef33 PYTHON-5798 - Overload retargeting prose tests do not ensure that sec… (#2760)
  • b4e2c03 PYTHON-5800 - Simple collation is included in index information (#2761)
  • f31ba09 PYTHON-5797 - Add IWM and Overload Error links to changelog (#2757)
  • 5da9183 PYTHON-5794 - Add prose tests to verify correct retry behavior when a… (#2755)
  • 35e51a5 Revert "PYTHON-5768 Add AGENTS.md w/copilot instructions" (#2744) (#2754)
  • f41dd5c PYTHON-5772 Increase _gcp_helpers.py coverage (#2749)
  • 49e7a05 PYTHON-5760 Increase _azure_helpers.py coverage (#2747)
  • a2b0cd8 PYTHON-5795 Fix absolute link to CONTRIBUTING.md in README.md (#2756)
  • Additional commits viewable in compare view

Updates transformers from 5.5.4 to 5.7.0

Release notes

Sourced from transformers's releases.

Release v5.7.0

New Model additions

Laguna

Laguna is Poolside's mixture-of-experts language model family that extends standard SwiGLU MoE transformers with two key innovations. It features per-layer head counts allowing different decoder layers to have different query-head counts while sharing the same KV cache shape, and implements a sigmoid MoE router with auxiliary-loss-free load balancing that uses element-wise sigmoid of gate logits plus learned per-expert bias for router scoring.

Links: Documentation

DEIMv2

DEIMv2 (DETR with Improved Matching v2) is a real-time object detection model that extends DEIM with DINOv3 features and spans eight model sizes from X to Atto for diverse deployment scenarios. It uses a Spatial Tuning Adapter (STA) for larger variants to convert DINOv3's single-scale output into multi-scale features, while ultra-lightweight models employ pruned HGNetv2 backbones. The unified design achieves superior performance-cost trade-offs, with DEIMv2-X reaching 57.8 AP with only 50.3M parameters and DEIMv2-S being the first sub-10M model to exceed 50 AP on COCO.

Links: Documentation | Paper

Attention

Several attention-related bugs were fixed across multiple models, including a cross-attention cache type error in T5Gemma2 for long inputs, incorrect cached forward behavior in Qwen3.5's gated-delta-net linear attention, and a crash in GraniteMoeHybrid when no Mamba layers are present. Attention function dispatch was also updated to align with the latest model implementations.

Tokenizers

There was a bug in AutoTokenizer that caused the wrong tokenizer class to be initialized. This caused regressions in models like DeepSeek R1.

Generation

Continuous batching generation received several fixes and improvements, including correcting KV deduplication and memory estimation for long sequences (16K+), and removing misleading warnings about num_return_sequences and other unsupported features that were incorrectly firing even when functionality worked correctly. Documentation for per-request sampling parameters was also added.

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python-production group in /pydatalab with 3 updates
9d133a9 
Bumps the python-production group in /pydatalab with 3 updates: [matplotlib](https://github.com/matplotlib/matplotlib), [pymongo](https://github.com/mongodb/mongo-python-driver) and [transformers](https://github.com/huggingface/transformers).


Updates `matplotlib` from 3.10.8 to 3.10.9
- [Release notes](https://github.com/matplotlib/matplotlib/releases)
- [Commits](matplotlib/matplotlib@v3.10.8...v3.10.9)

Updates `pymongo` from 4.16.0 to 4.17.0
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)
- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)
- [Commits](mongodb/mongo-python-driver@4.16.0...4.17.0)

Updates `transformers` from 5.5.4 to 5.7.0
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v5.5.4...v5.7.0)

---
updated-dependencies:
- dependency-name: matplotlib
  dependency-version: 3.10.9
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-production
- dependency-name: pymongo
  dependency-version: 4.17.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-production
- dependency-name: transformers
  dependency-version: 5.7.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependency_updates For issues/PRs that update the dependencies of the package Python labels May 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependency_updates For issues/PRs that update the dependencies of the package Python

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants