
chore(deps)(deps): bump the python-versions group across 1 directory with 11 updates #955

Closed
dependabot[bot] wants to merge 1 commit into main from dependabot/uv/python-versions-ed3b535a75

dependabot Bot commented on behalf of github Jun 10, 2026

Bumps the python-versions group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| huggingface-hub | 1.17.0 | 1.18.0 |
| ruff | 0.15.15 | 0.15.16 |
| ipython | 9.14.0 | 9.14.1 |
| optuna | 4.8.0 | 4.9.0 |
| sphinx-autodoc-typehints | 3.10.4 | 3.10.5 |
| dagster | 1.13.7 | 1.13.8 |
| plotly | 6.7.0 | 6.8.0 |
| tqdm | 4.67.3 | 4.68.0 |
| holidays | 0.97 | 0.98 |
| mlflow-skinny | 3.12.0 | 3.13.0 |

Updates huggingface-hub from 1.17.0 to 1.18.0

Release notes

Sourced from huggingface-hub's releases.

[v1.18.0] Unified file copying, web URL support, and storage usage

🖥️ Unified hf cp command

A single hf cp command now handles all file-copy workflows (upload a local file, download from the Hub, or copy between two remote locations) with consistent hf:// URI syntax for both repositories and buckets. It is also available as hf repos cp and hf buckets cp; all three aliases are identical, so you can use whichever reads best for your workflow. You can stream from stdin (-) or to stdout (-), and a trailing / on the source path gives you rsync-style semantics (copy the folder contents, not the folder itself). Note that remote-to-remote copies only work within the same storage region, and bucket-to-repo is not yet supported.

```bash
# Upload a local file to a repo
hf cp ./model.safetensors hf://username/my-model/model.safetensors
# Download a file to stdout
hf cp hf://username/my-model/config.json - | jq .
# Copy between two Hub repos
hf cp hf://username/source-model/config.json hf://username/dest-model/config.json
```

📚 Documentation: CLI guide — Copy files

  • [CLI] Add unified hf cp command (aliased as hf repos cp and hf buckets cp) by @​Wauplin in #4295

🥚 Easter egg: explore your storage usage

🔗 Paste web URLs directly

parse_hf_uri now accepts Hugging Face web URLs so you can paste a link straight into the CLI or the library and it "just works".

```bash
# Copy-paste a URL from the website
hf cp https://huggingface.co/nvidia/LocateAnything-3B/blob/main/config.json - | jq '.architectures'
```

📚 Documentation: HF URIs — Web URLs

  • [URIs] Parse web URLs in parse_hf_uri + add HfUri.to_url by @​Wauplin in #4296

🚨 Breaking change

On Lustre, GPFS, and some NFS mounts, flock(2) silently succeeds for every caller, which means filelock provides no mutual exclusion. When multiple hf_hub_download calls race for the same file, they can append to the same .incomplete file and silently corrupt the blob cache. This release fixes that by always downloading to a fresh temporary file instead of resuming an incomplete one, making the download path safe even when file locking is broken. filelock is still used as a "best-effort" hint to avoid unnecessary duplicate downloads, but correctness no longer depends on it. This is a breaking change: resuming a previously failed partial download is no longer possible. However, file resumability was already a niche use case only applicable when hf_xet is disabled.

  • [Fix] Make concurrent downloads safe even when file locking is broken by @​Wauplin in #4306

🖥️ CLI

... (truncated)

Commits
  • 64e5356 Release: v1.18.0
  • b1c4c20 Release: v1.18.0.rc0
  • c505f77 [Fix] Make concurrent downloads safe even when file locking is broken (#4306)
  • d04c3b2 [URIs] Parse web URLs in parse_hf_uri + add HfUri.to_url (#4296)
  • 0e57086 Bump the actions group with 2 updates (#4309)
  • e628f15 [Download] Probe umask next to incomplete file instead of two levels above de...
  • f4a91c2 [CLI] inline enum choices in the generated CLI skill (#4299)
  • 1138933 [Docs] Mention storage region limitation for server-side copy (#4302)
  • 26a6df1 [Docs] Document missing parameters in hf_hub_url and preupload_lfs_files (#4300)
  • c6dfc6d [Docs] Document missing endpoint and template_str parameters (#4298)
  • Additional commits viewable in compare view

Updates ruff from 0.15.15 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

  • [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
  • [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
  • [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

  • [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
  • [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
  • [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
  • [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
  • [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

  • [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

  • Drop excess capacity from statement suites during parsing (#25368)

Documentation

  • [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
  • [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
  • Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

  • Shrink additional parser AST collections (#25465)

Contributors

... (truncated)

Updates ipython from 9.14.0 to 9.14.1

Commits
  • 352c35b release 9.14.1
  • df72b1f Add forward compatibility for pdb.Pdb's mode argument (#15235)
  • a957d81 Handle pdb.Pdb mode argument and test signature compatibility
  • 3e1c054 ci: add zizmor GitHub Actions security analysis and harden workflows (#15238)
  • 0181ae3 ci: add zizmor GitHub Actions security analysis and harden workflows
  • fb831cc back to dev
  • See full diff in compare view

Updates optuna from 4.8.0 to 4.9.0

Release notes

Sourced from optuna's releases.

v4.9.0

This is the release note of v4.9.0.

Highlights

Enhance Multi-Objective Constrained Parallel Optimization in GPSampler

@​sawa3030 introduces parallelization enhancements to GPSampler, leveraging the Kriging Believer approach for constrained and multi-objective optimization (#6481). This improvement allows for more efficient exploration when multiple trials are running concurrently.

The GP surrogate is updated by assigning temporary objective function values to the running trials.

For more technical details and benchmarks, please check out our blog post: Improving Optuna’s GPSampler Parallelization by Considering Running Trials.

Deprecate Several Features

The following features are deprecated in v4.9.0 and scheduled for removal in v6.0.0.

optuna

  • Several arguments in TPESampler (#6635)
    • prior_weight, consider_magic_clip, consider_endpoints, gamma, weights, hyperopt_parameters: These internal parameters are being deprecated to simplify the interface, as the default settings are optimal for most use cases.
    • warn_independent_sampling: Deprecated because TPESampler now robustly supports both independent and joint sampling, making this warning obsolete.
    • categorical_distance_func: This advanced feature will be migrated to OptunaHub in the future.
  • x0 and sigma0 options in CmaEsSampler (#6624)
    • These options have been deprecated because they require a deep understanding of CmaEsSampler's internals to be configured effectively.
  • optuna.terminator module (#6668)
    • This feature will be migrated to OptunaHub in the future.
  • RetryFailedTrialCallback (#6670)
    • This class has been renamed to RetryHeartbeatStaleTrialCallback to better reflect its behavior and avoid confusion with general trial retries (#6085).
  • optuna.integration module
    • The optuna.integration module currently acts as a shortcut to the external optuna_integration package for backward compatibility. Please import directly from the optuna_integration package going forward.

optuna-integration

  • PyCmaSampler: Please use Optuna's native CmaEsSampler instead.
  • CometCallback: This feature will be migrated to OptunaHub in the future.
  • MLflowCallback: This feature will be migrated to OptunaHub in the future.
  • TensorBoardCallback: This feature will be migrated to OptunaHub in the future.
  • TrackioCallback: This feature will be migrated to OptunaHub in the future.
  • WeightsAndBiasesCallback: This class has already been migrated to OptunaHub.

Breaking Changes

... (truncated)

Commits
  • 4db42e3 Merge pull request #6691 from c-bata/backport-v4.9-attestations
  • 6a15cf0 Add attestations: false to fix release workflow
  • a592e6c Merge pull request #6684 from c-bata/bump-up-to-v4.9.0
  • 490cfd6 Bump up to version number v4.9.0
  • 6135d54 Merge pull request #6651 from nabenabe0928/add-brute-force-info-to-grid-sampler
  • c41ec2d Merge remote-tracking branch 'upstream/master' into add-brute-force-info-to-g...
  • f845a8f Fix
  • 574749e Fix
  • af7fe8b Add note to best trial
  • b200bfb Update the NSGA-III doc
  • Additional commits viewable in compare view

Updates sphinx-autodoc-typehints from 3.10.4 to 3.10.5

Release notes

Sourced from sphinx-autodoc-typehints's releases.

3.10.5

What's Changed

New Contributors

Full Changelog: tox-dev/sphinx-autodoc-typehints@3.10.4...3.10.5

Commits
  • bf535f6 🐛 fix(annotations): use class role for Ellipsis/NotImplementedType on 3.13+ (...
  • 9f50d8d [pre-commit.ci] pre-commit autoupdate (#706)
  • ac8ff5f process_signature: don't skip the first arg on bound instance methods (#705)
  • See full diff in compare view

Updates dagster from 1.13.7 to 1.13.8

Changelog

Sourced from dagster's changelog.

1.13.8 (core) / 0.29.8 (libraries)

New

  • Special characters are now allowed in team owners for jobs, schedules, and sensors. (Thanks, @​dragos-pop!)
  • Added kinds tags and icons for Microsoft Fabric and OneLake. (Thanks, @​MartyP233!)
  • The BigQuery, Snowflake, and DuckDB I/O managers now skip the table write when an asset returns an empty DataFrame, logging a warning instead. This prevents incorrect type inference and degenerate tables for empty partitions.
  • [ui] The per-code-location "Docs" tab is now "Components", with its content available under a "Library" subtab. Existing /docs links continue to work via redirect.
  • [dagster-aws] The EMR PySpark step launcher now honors a configured S3 job package path.
  • [dagster-cloud] code_server.* metrics now carry a server_instance_id tag identifying the underlying gRPC server process. For multi-replica code locations, the tag identifies whichever replica answered the most recent metrics ping.

Bugfixes

  • InstigationLogger now stringifies log record attributes that are not JSON-serializable instead of failing to emit the log. (Thanks, @​jonaslb!)
  • Fixed a SQL injection vulnerability in dagster-clickhouse, dagster-clickhouse-pandas, and dagster-clickhouse-polars when using dynamic partition keys. ClickHouse partition queries now bind partition key values as driver parameters instead of interpolating them into SQL strings.
  • Fixed an issue where tag values in component YAML files were not coerced correctly.
  • [dg] dg labs ai dispatch no longer writes a plan.md artifact into version control.
  • [dg] Fixed an error that occurred when using TypedDict-typed fields in component configuration.
  • [ui] Fixed partition step status labels and squares that rendered incorrectly after the CSS Modules migration.
  • [ui] Fixed backfill progress not reaching 100% until all runs had completed.
  • [dagster-databricks] Fixed Databricks workspace job list pagination and added retries for rate-limit responses.
  • [dagster-dbt] Fixed DbtProject.prepare() to always run dbt deps when dependency files are present.
  • [dagster-dbt] Fixed YAML-based translation in DbtProjectComponent subclasses to also translate dependency keys.
  • [dagster-dbt] Fixed an issue where dbt unit tests could be ignored unexpectedly.
  • [dagster-dbt] Fixed incorrect asset key translation when generating column lineage with DbtProjectComponent.
  • [dagster-dbt] Fixed unbounded recursive copying of the .local_defs_state() directory when a dbt project was located at the repository root.
  • [dagster-cloud-cli] Fixed dg plus deploy failing with No module named pip in uv-managed environments.
  • [dagster-cloud-cli] Removed an overly strict dependency-file check from the Docker deploy path.

Documentation

  • Added an integration reference for dagster-elasticsearch.
  • Added documentation for the OpenLineage integration.
  • Added documentation for dagster-hf-datasets.
  • Added an example covering deployment strategies.

Commits
  • 37f0140 1.13.8
  • e1eb625 Authenticate release changelog branch-tip fetch with devtools PAT
  • 85b74f5 Fix release changelog check on k8s buildkite agents (#24807)
  • cb52633 1.13.8 changelog (#25255)
  • bea738d fix(dagster-rest-resources): relock to capture pytest conditional deps for py...
  • 8df28a8 fix(dagster-shared): match_type Required/NotRequired support for TypedDict on...
  • b443d0f [ui] Fix partition step status labels/squares broken by CSS Modules migration...
  • 9765c98 [ui] Replace all Caption typography components with Text component (#25200)
  • 05e07d2 [ui] Replace all Mono typography components with Text component (#25199)
  • 2ff0352 fix(dagster-test): poll for dg dev child-process exit instead of fixed sleep ...
  • Additional commits viewable in compare view

Updates dagster-webserver from 1.13.7 to 1.13.8

Changelog

Sourced from dagster-webserver's changelog.

1.13.8 (core) / 0.29.8 (libraries)


Updates plotly from 6.7.0 to 6.8.0

Release notes

Sourced from plotly's releases.

v6.8.0

Added

  • Add optional font parameter for make_subplots [#5393], with thanks to @​Zomtir for the contribution!

Fixed

  • Fix issue where user-specified color_continuous_scale was ignored when template had autocolorscale=True [#5439], with thanks to @​antonymilne for the contribution!
  • Use presence of COLAB_NOTEBOOK_ID env var to enable Colab renderer instead of testing import of google.colab [#5473], with thanks to @​kevineger for the contribution!
  • Fix incorrect annotation placement for add_vline, add_hline, add_vrect, and add_hrect on datetime axes [#5508], with thanks to @​mosh3eb for the contribution!
  • Update tests to be compatible with numpy 2.4 [#5522], with thanks to @​thunze for the contribution!
  • Fix issue where js/ directory was unintentionally installed as a top-level Python package when installing plotly [#5587]
  • Add default headers to be passed in to Kaleido v1.3.0 to avoid blocked Open Street Map tiles [#5588]
  • Propagate the requested default_height/default_width to the outer wrapper div produced by to_html so that responsive (percentage) dimensions inherit from a sized parent container instead of collapsing to the plotly.js 450px fallback [#5591], with thanks to @​SharadhNaidu for the contribution!

Updated

  • The __eq__ method for graph_objects classes now returns NotImplemented to give the other operand an opportunity to handle the comparison [#5547], with thanks to @​RazerM for the contribution!
  • Update plotly.js from version 3.5.0 to version 3.6.0. See the plotly.js release notes for more information [#5608]. Notable changes include:
    • Add support for arrays for the pie property legendrank, so that it can be configured per slice [#7723]
    • Add hoversort layout attribute to sort unified hover label items by value [#7734]

Changelog

Sourced from plotly's changelog.

[6.8.0] - 2026-06-03

Commits
  • ea4eca8 Address PR feedback
  • e57adbd Fix broken example
  • b8c2bf4 Update Jupyter Lab extension files
  • 2de1059 Update docs for release
  • f94e304 Version changes for v6.8.0
  • 7f2eb35 Merge pull request #5608 from plotly/cam/update-plotly.js-3.6.0
  • f57cf96 Update command to run npm install for updateplotlyjs
  • 1f26820 Update lock file
  • 8f699a3 chore: Update plotly.js to v3.6.0
  • f0755e5 Merge pull request #5605 from plotly/cam/pin-python-frontmatter
  • Additional commits viewable in compare view

Updates tqdm from 4.67.3 to 4.68.0

Release notes

Sourced from tqdm's releases.

tqdm v4.68.0 stable

  • utils: simplify terminal size detection (#1760)
  • contrib
    • itertools (#1760)
      • add chain, permutations, combinations, combinations_with_replacement, batched
      • add product(repeat=1) keyword argument (#1428)
    • fix discord, telegram error handling
    • fix discord, slack, telegram format for total=None
  • soft-deprecate tqdm.utils.envwrap -> envwrap
  • benchmarks: fix asv
  • misc linting
  • misc framework updates
    • CI: migrate manual job to pre-commit.ci
    • bump workflow actions & pre-commit hooks

Commits
  • ef4a142 bump version, merge pull request #1760 from tqdm/devel
  • 17f246b lint warning suppression
  • c682c7b benchmarks: fix asv
  • fc69588 CI: migrate to pre-commit.ci
  • a31d97f more contrib.itertools
  • e4d9742 soft-deprecate tqdm.utils.envwrap -> envwrap
  • 0de6e96 simplify terminal size detection
  • f6f7828 framework: drop redundant config
  • cfdb24d bump workflow actions, pre-commit
  • 36d3bb5 fix contrib.{discord,slack,telegram} format for total=None
  • Additional commits viewable in compare view

Updates holidays from 0.97 to 0.98

Release notes

Sourced from holidays's releases.

v0.98

Version 0.98

Released June 1, 2026

New Contributors:

Full Changelog: vacanza/holidays@v0.97...v0.98

Updates mlflow-skinny from 3.12.0 to 3.13.0

Release notes

Sourced from mlflow-skinny's releases.

v3.13.0

MLflow 3.13.0 includes several major features and improvements

Major New Features

  • 🔐 Role-Based Access Control & Admin UI: A full RBAC system with reusable roles and workspace-scoped grants, plus a new web Admin UI for managing users, roles, and permissions on self-hosted MLflow.
  • 🗄️ Trace Retention & Auto Archival: Automatically move aged trace span data out of your SQL backend into object storage (e.g. S3) while keeping every trace fully readable in the UI and APIs.
  • 🤖 One-click observability & governance for coding agents: Onboard Claude Code, OpenAI Codex, or Gemini CLI to the AI Gateway in one click for tracing, usage tracking, budgets, and guardrails.
  • New engines for MLflow Assistant: Run MLflow Assistant on a local Ollama model, the OpenAI Codex CLI, or any MLflow AI Gateway endpoint, in addition to Claude Code.
  • ☸️ Helm chart for Kubernetes: An official, production-ready Helm chart for deploying the MLflow tracking server to any Kubernetes cluster.
  • 🌐 Hermes Agent support: Route the Hermes Agent runtime through the AI Gateway and capture its end-to-end traces in MLflow over OpenTelemetry.
  • 🪵 Span log levels: Python-logging-style severity levels on spans, with a "Minimum log level" filter in the trace UI to hide low-level noise.

Breaking Changes

  • The permission system has been overhauled into a unified Role-Based Access Control model. The legacy per-resource permission tables, REST endpoints, and client methods are removed and replaced by roles backed by role_permissions, default_permission now acts as a floor rather than an override, and a workspace USE grant is sufficient to create experiments and registered models. Code that relied on the old per-resource permission APIs must migrate to the new role-based APIs. (#22855, #22859, #22941, #23337, #23379, @​PattaraS)
  • MLServer is no longer available as a pyfunc serving backend. The previously deprecated enable_mlserver option has been removed, so mlflow models serve always uses the built-in scoring server. (#23356, @​harupy)
  • mlflow autolog claude no longer installs the old Python autolog hook; Claude Code tracing is now provided by the official Claude plugin, which must be installed separately. (

…with 11 updates

Bumps the python-versions group with 10 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [huggingface-hub](https://github.com/huggingface/huggingface_hub) | `1.17.0` | `1.18.0` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.15` | `0.15.16` |
| [ipython](https://github.com/ipython/ipython) | `9.14.0` | `9.14.1` |
| [optuna](https://github.com/optuna/optuna) | `4.8.0` | `4.9.0` |
| [sphinx-autodoc-typehints](https://github.com/tox-dev/sphinx-autodoc-typehints) | `3.10.4` | `3.10.5` |
| [dagster](https://github.com/dagster-io/dagster) | `1.13.7` | `1.13.8` |
| [plotly](https://github.com/plotly/plotly.py) | `6.7.0` | `6.8.0` |
| [tqdm](https://github.com/tqdm/tqdm) | `4.67.3` | `4.68.0` |
| [holidays](https://github.com/vacanza/holidays) | `0.97` | `0.98` |
| [mlflow-skinny](https://github.com/mlflow/mlflow) | `3.12.0` | `3.13.0` |



Updates `huggingface-hub` from 1.17.0 to 1.18.0
- [Release notes](https://github.com/huggingface/huggingface_hub/releases)
- [Commits](huggingface/huggingface_hub@v1.17.0...v1.18.0)

Updates `ruff` from 0.15.15 to 0.15.16
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.15...0.15.16)

Updates `ipython` from 9.14.0 to 9.14.1
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](ipython/ipython@9.14.0...9.14.1)

Updates `optuna` from 4.8.0 to 4.9.0
- [Release notes](https://github.com/optuna/optuna/releases)
- [Commits](optuna/optuna@v4.8.0...v4.9.0)

Updates `sphinx-autodoc-typehints` from 3.10.4 to 3.10.5
- [Release notes](https://github.com/tox-dev/sphinx-autodoc-typehints/releases)
- [Commits](tox-dev/sphinx-autodoc-typehints@3.10.4...3.10.5)

Updates `dagster` from 1.13.7 to 1.13.8
- [Release notes](https://github.com/dagster-io/dagster/releases)
- [Changelog](https://github.com/dagster-io/dagster/blob/master/CHANGES.md)
- [Commits](dagster-io/dagster@1.13.7...1.13.8)

Updates `dagster-webserver` from 1.13.7 to 1.13.8
- [Release notes](https://github.com/dagster-io/dagster/releases)
- [Changelog](https://github.com/dagster-io/dagster/blob/master/CHANGES.md)
- [Commits](dagster-io/dagster@1.13.7...1.13.8)

Updates `plotly` from 6.7.0 to 6.8.0
- [Release notes](https://github.com/plotly/plotly.py/releases)
- [Changelog](https://github.com/plotly/plotly.py/blob/main/CHANGELOG.md)
- [Commits](plotly/plotly.py@v6.7.0...v6.8.0)

Updates `tqdm` from 4.67.3 to 4.68.0
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.67.3...v4.68.0)

Updates `holidays` from 0.97 to 0.98
- [Release notes](https://github.com/vacanza/holidays/releases)
- [Changelog](https://github.com/vacanza/holidays/blob/dev/CHANGES.md)
- [Commits](vacanza/holidays@v0.97...v0.98)

Updates `mlflow-skinny` from 3.12.0 to 3.13.0
- [Release notes](https://github.com/mlflow/mlflow/releases)
- [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md)
- [Commits](mlflow/mlflow@v3.12.0...v3.13.0)

---
updated-dependencies:
- dependency-name: huggingface-hub
  dependency-version: 1.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-versions
- dependency-name: ruff
  dependency-version: 0.15.16
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-versions
- dependency-name: ipython
  dependency-version: 9.14.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-versions
- dependency-name: optuna
  dependency-version: 4.9.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-versions
- dependency-name: sphinx-autodoc-typehints
  dependency-version: 3.10.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-versions
- dependency-name: dagster
  dependency-version: 1.13.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-versions
- dependency-name: dagster-webserver
  dependency-version: 1.13.8
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python-versions
- dependency-name: plotly
  dependency-version: 6.8.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-versions
- dependency-name: tqdm
  dependency-version: 4.68.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-versions
- dependency-name: holidays
  dependency-version: '0.98'
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-versions
- dependency-name: mlflow-skinny
  dependency-version: 3.13.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python-versions
...

Signed-off-by: dependabot[bot] <support@github.com>
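
The huggingface-hub 1.18.0 breaking change quoted in the PR description says concurrent downloads stay correct even when `flock(2)` succeeds for every caller, because each download goes to a fresh temporary file instead of a shared `.incomplete` file. The sketch below is an added example, not huggingface_hub code: `broken_lock`, `download`, `race` and the payload are hypothetical names and constructed data that model both behaviours with a lock that excludes nobody.

```python
import contextlib
import hashlib
import os
import tempfile
import threading

# Constructed 256 KiB payload standing in for a file served by the Hub.
PAYLOAD = bytes(range(256)) * 1024
EXPECTED_SHA256 = hashlib.sha256(PAYLOAD).hexdigest()
CHUNK = 64 * 1024


@contextlib.contextmanager
def broken_lock(_lock_path):
    """Model of flock(2) on an affected mount: every caller 'acquires' it."""
    yield


def chunks():
    """Stand-in for the HTTP response body, delivered in CHUNK-sized pieces."""
    for offset in range(0, len(PAYLOAD), CHUNK):
        yield PAYLOAD[offset:offset + CHUNK]


def download(dest, opened, written, fresh_temp):
    """Write PAYLOAD to dest; the barriers force both writers to overlap."""
    with broken_lock(dest + ".lock"):  # best-effort hint only, excludes nobody
        if fresh_temp:
            # Behaviour after the fix: a private temp file per download attempt.
            fd, tmp = tempfile.mkstemp(dir=os.path.dirname(dest),
                                       suffix=".incomplete")
            fh = os.fdopen(fd, "wb")
        else:
            # Behaviour before the fix: resume by appending to a shared file.
            tmp = dest + ".incomplete"
            fh = open(tmp, "ab")
        with fh:
            opened.wait()  # every writer now holds an open handle
            for piece in chunks():
                fh.write(piece)
        written.wait()  # every writer has flushed and closed
        try:
            os.replace(tmp, dest)  # atomic publish into the cache
        except FileNotFoundError:
            # Only the shared-file path can lose this race: another writer
            # already renamed the same .incomplete file.
            if fresh_temp:
                raise


def race(fresh_temp, writers=2):
    """Run concurrent downloads; return (size, digest_ok, leftover files)."""
    with tempfile.TemporaryDirectory() as cache:
        dest = os.path.join(cache, "blob")
        opened = threading.Barrier(writers, timeout=10)
        written = threading.Barrier(writers, timeout=10)
        threads = [
            threading.Thread(target=download,
                             args=(dest, opened, written, fresh_temp))
            for _ in range(writers)
        ]
        for t in threads:
            t.start()
        for t in threads:
            t.join()
        with open(dest, "rb") as fh:
            data = fh.read()
        leftovers = [n for n in os.listdir(cache) if n != "blob"]
        digest_ok = hashlib.sha256(data).hexdigest() == EXPECTED_SHA256
        return len(data), digest_ok, leftovers


if __name__ == "__main__":
    print("shared .incomplete:", race(fresh_temp=False))
    print("fresh temp file:   ", race(fresh_temp=True))
```

With the shared file, both writers append and the published blob is twice the expected size with a wrong digest; with private temp files, the blob is intact regardless of which rename lands last.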
@dependabot dependabot Bot added the dependencies Pull requests that update a dependency file label Jun 10, 2026
@dependabot dependabot Bot requested a review from a team June 10, 2026 15:02
@dependabot dependabot Bot added python:uv Pull requests that update python:uv code dependencies Pull requests that update a dependency file labels Jun 10, 2026

dependabot Bot commented on behalf of github Jun 11, 2026

Superseded by #956.

@dependabot dependabot Bot closed this Jun 11, 2026
@dependabot dependabot Bot deleted the dependabot/uv/python-versions-ed3b535a75 branch June 11, 2026 04:54