Sourced from pandas's releases.

pandas 3.0.3

We are pleased to announce the release of pandas 3.0.3. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

• 72f2fea RLS: 3.0.3 (#65590)
• 2897590 Backport PR #65436 on branch 3.0.x (Account for privatization of matplotlib `...
• 49894b5 Backport PR #65499 on branch 3.0.x (BUG: fix check if pyarrow is installed in...
• 1c6d1e3 [backport 3.0.x] PERF: remove special casing for zoneinfo in tz_localize_to_u...
• 2a54711 Backport PR #64379 on branch 3.0.x (PERF: improve performance with ZoneInfo t...
• 036bb7c Backport PR #65482 on branch 3.0.x (PERF: don't call unique on dtypes for che...
• bf4c182 Backport PR #65410 on branch 3.0.x (TST: also convert str index to object in ...
• dd02d75 [backport 3.0.x] BUG: keep fsspec OpenFile alive for chained URL reads (#6547...
• aef3d0f [backport 3.0.x] CI: lowercase types-pymysql/types-pyyaml to fix mamba 2.6.0 ...
• bb8e248 Backport PR #65399 on branch 3.0.x (DOC: fix source link for classes in the r...
• Additional commits viewable in compare view

Sourced from requests's releases.

v2.34.0

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

New Contributors

• @​cjriches made their first contribution in psf/requests#7365
• @​dsanader made their first contribution in psf/requests#7376
• @​DimitriPapadopoulos made their first contribution in psf/requests#7393
• @​joshua-51 made their first contribution in psf/requests#7416
• @​eggsort made their first contribution in psf/requests#7421
• @​typhon8 made their first contribution in psf/requests#7315
• @​bastimeyer made their first contribution in psf/requests#7425

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2340-2026-05-11

Sourced from requests's changelog.

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file

... (truncated)

• 0b401c7 v2.34.0
• 86b378d Align Session.get parameters with requests.get (#7429)
• a4f9a59 Port bpo-39057 to Requests (#7427)
• 3816cfa Parameterize SupportsItems to handle Mapping key invariance (#7426)
• b684dcb sessions: fix hooks type (#7425)
• dc9dbdf Formalize 3.15 support (#7422)
• 25340eb Clear proxy env vars before every test run (#7423)
• fd62809 Preserve leading slashes in request path_url (#7315)
• e8d2c01 docs: Fix missing hook output in docs example (#7421)
• eb173bc Add 3.14t support to CI (#7419)
• Additional commits viewable in compare view

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Mypy 2.1

We’ve just uploaded mypy 2.1.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

librt.vecs: Fast Growable Array Type for Mypyc

The new librt.vecs module provides an efficient growable array type vec that is optimized for mypyc use. It provides fast, packed arrays with integer and floating point value types, which can be several times faster than list, and tens of times faster than array.array in code compiled using mypyc. It also supports nested vec objects and non-value-type items, such as vec[vec[str]].

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo.

librt.random: Fast Pseudo-Random Number Generation

The new librt.random module provides fast pseudo-random number generation that is optimized for code compiled using mypyc. It can be 3x to 10x faster than the stdlib random module in compiled code.

Refer to the documentation for the details.

Contributed by Jukka Lehtosalo (PR 21433).

Mypyc Improvements

• Make compilation order with multiple files consistent (Piotr Sawicki, PR 21419)
• Fix crash on accessing StopAsyncIteration (Piotr Sawicki, PR 21406)
• Fix incremental compilation with separate flag (Vaggelis Danias, PR 21299)

Fixes to Crashes

• Fix crash on partial type with --allow-redefinition and global declaration (Jukka Lehtosalo, PR 21428)
• Fix broken awaitable generator patching (Ivan Levkivskyi, PR 21435)

Changes to Messages

... (truncated)

• c1c336d Remove +dev from version
• 74df14b Add changelog for mypy 2.1 (#21464)
• 022d9bc Revert "TypeForm: Enable by default (#21262)"
• 8826288 [mypyc] Document librt.random (#21463)
• 3f4067b Bump librt version to 0.11.0 (#21458)
• 2b1eb58 [mypyc] Enable incremental self-compilation (#21369)
• 8152f4a Respect file config comments for stale modules (#21444)
• 116d60b Fix nondeterminism from nonassociativity of overload joins (#21455)
• 6c4af8e Fix function call message change for small number of args (#21432)
• 4b8fdca [mypyc] Add librt.random module (#21433)
• Additional commits viewable in compare view

• See full diff in compare view

Sourced from polars's releases.

Python Polars 1.40.1

🚀 Performance improvements

• Skip validity mask processing in __array_ufunc__ when no inputs have nulls (#27358)

✨ Enhancements

• Cargo deny (#27363)
• Add maintain_order parameter to merge_sorted (#27263)

🐞 Bug fixes

• Honor having predicate in GroupBy iter (#27370)
• Use the physical dtype for NumUnorderedImplodeReducer arrow ListArray (#27375)
• Address bug in reduce_balanced for certain input length lists affecting pl.concat (#27352)
• Ensure list.sample() allows fraction > 1 when with_replacement=True (#27350)
• Ensure append() errors when upcast=False (#27346)
• Always rechunk sorts, prune sorts even in eager execution (#27356)
• Fix typing for DataFrame.__init__ and Series.__init__ so they don't require all optional dependencies to be installed (#27348)

📖 Documentation

• Split out openlineage docs into guide and configuration (#27371)
• Add explanation on the observatory sqlite db file (#27354)

🛠️ Other improvements

• Disable mypy type checking for pyarrow calls (#27377)
• Disable debug symbols in macos coverage tests (#27361)
• Cargo deny (#27363)

Thank you to all our contributors for making this release possible! @​EndPositive, @​Kevin-Patyk, @​MarcoGorelli, @​carnarez, @​dsprenkels, @​gab23r, @​jonathanchang31, @​kdn36, @​mzjp2 and @​ritchie46

• 344a0ea Python Polars 1.40.1 (#27381)
• 4856eb3 fix: Honor having predicate in GroupBy iter (#27370)
• f992305 chore(python): Disable mypy type checking for pyarrow calls (#27377)
• 17f9074 chore: Disable debug symbols in macos coverage tests (#27361)
• 44948d3 fix: Use the physical dtype for NumUnorderedImplodeReducer arrow `ListArray...
• 6bb1cf8 fix(python): Address bug in reduce_balanced for certain input length lists ...
• fb70396 docs: Split out openlineage docs into guide and configuration (#27371)
• 2436421 fix: Ensure list.sample() allows fraction > 1 when `with_replacement=True...
• 21f150f ci(rust): Cargo deny (#27363)
• dd9be47 perf: Skip validity mask processing in array_ufunc when no inputs have nu...
• Additional commits viewable in compare view

Sourced from build's releases.

1.5.0

What's Changed

• ci: try to improve release docs by @​henryiii in pypa/build#1051
• feat: drop 3.9, require 3.10+ by @​henryiii in pypa/build#1036
• chore: tox toml by @​henryiii in pypa/build#1033
• fix: api should not ignore installed, only CLI by @​henryiii in pypa/build#1056

Full Changelog: pypa/build@1.4.4...1.5.0

Sourced from build's changelog.

#################### 1.5.0 (2026-04-30) ####################

---

Features

---

• Drop Python 3.9 support - by :user:henryiii (:issue:1036)

---

Bugfixes

---

• Make --ignore-installed opt-in from the API via fresh=True - by :user:henryiii (:issue:1056)

---

Miscellaneous

---

• :issue:1033

#################### 1.4.4 (2026-04-22) ####################

---

Bugfixes

---

• Fix release pipeline generating CHANGELOG.rst entries with inconsistent heading levels, which broke sphinx -W and pinned Read the Docs stable at 1.4.0 - by :user:gaborbernat. (:issue:1031)
• Revert :pr:1039 from build 1.4.3, no longer check direct_url (for now) - by :user:henryiii (:issue:1039)
• Add --ignore-installed to pip install command to prevent issues with packages already present in the isolated build environment - by :user:henryiii (:issue:1037) (:issue:1040)
• Partial revert of :pr:973, keeping log messages in one entry, multiple lines. (:issue:1044)

---

Miscellaneous

---

• :issue:1048, :issue:1049

#################### 1.4.3 (2026-04-10) ####################

---

Features

---

... (truncated)

• 615d04c chore: prepare for 1.5.0
• 776f702 fix: api should not ignore installed, only CLI (#1056)
• 42da4c4 pre-commit: bump repositories (#1055)
• b445cd2 chore: tox toml (#1033)
• c44c143 feat: drop 3.9, require 3.10+ (#1036)
• a9bb456 build(deps): bump astral-sh/setup-uv from 8.0.0 to 8.1.0 in the actions group...
• cb33511 ci: try to improve release docs (#1051)
• See full diff in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions