build(deps): bump the python-deps group with 4 updates

[dependabot]

Bumps the python-deps group with 4 updates: rdkit, numpy, requests and setuptools.

Updates rdkit from 2026.3.1 to 2026.3.2

Release notes

Sourced from rdkit's releases.

2026_03_3 (Q1 2026) Release

Release_2026.03.3

(Changes relative to Release_2026.03.2)

Acknowledgements

(Note: I'm no longer attempting to manually curate names. If you would like to see your contribution acknowledged with your name, please set your name in GitHub)

Reza Bagheri Alashti, Marco Ballarotto, Kevin Boyd, David Cosgrove, Gareth Jones, Huw Jones, Steven Kearnes, Brian Kelley, Clay Moore, Dan Nealschneider, Emily Rhodes, Ricardo Rodriguez, Raul Sofia, Chris Von Bargen

New Features and Enhancements:

• CIP labeller performance: Don't calculate auxiliary descriptors unnecessarily (github pull #9171 from d-b-w)
• Add optional default value to Mol.GetProp() in Python (github issue #9241 from emilyrrhodes)
• CIPLabeler performance: Store vector of bonds (github pull #9250 from d-b-w)
• Pandastools improvements (github pull #9251 from marcobICR)
• Add MMFF Property Getter functions to python interface (github issue #9253 from scal444)
• [bot] Update molecular templates header file (github pull #9269 from github-actions[bot])
• Adds some features to the C# SWIG wrappers (github pull #9274 from jones-gareth)
• MolDrawOptions: Option for Uniform Bond Colour with Coloured Atom Labels (github issue #9282 from hdj-elixirsoftware)
• add checked atom and bond iterators (github pull #9290 from greglandrum)
• Adds MolToCDXMLBlock to FileParsers (github pull #9291 from bp-kelley)
• add ability to block atoms/bonds from participating in tautomer zones (github pull #9297 from greglandrum)
• Improve synthon substructure search performance ~20% (github pull #9305 from d-b-w)

Documentation:

• Docs: fix CosineSimilarity formula and clarify similarity metric names in BitOps.h (github pull #9264 from rezabagher)

Bug Fixes:

• Extended fix for #9101 (github pull #9255 from RaulSofia)
• Segfault when calling MolToSmiles on submol (github issue #9270 from ricrogz)
• DrawText::setFontScale Atom Font Scaling Issue (github issue #9280 from hdj-elixirsoftware)

... (truncated)

Commits

• See full diff in compare view

Updates numpy from 2.4.4 to 2.4.6

Release notes

Sourced from numpy's releases.

v2.4.6 (May 18, 2026)

NumPy 2.4.6 Release Notes

NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5 release.

This release supports Python versions 3.11-3.14

Contributors

A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• !EarlMilktea
• Charles Harris
• Sebastian Berg
• Warren Weckesser

Pull requests merged

A total of 4 pull requests were merged for this release.

• #31444: MAINT: Prepare 2.4.x for further development
• #31453: BUG: Fix regression in arr.conj()
• #31459: BUG: np.linalg.svd(..., hermitian=True) returns non-unitary...
• #31460: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...

v2.4.5 (May 15, 2026)

NumPy 2.4.5 Release Notes

NumPy 2.4.5 is a patch release that fixes bugs discovered after the 2.4.4 release, has some typing improvements, and maintains infrastructure.

This release supports Python versions 3.11-3.14

Contributors

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Aleksei Nikiforov
• Anarion Zuo +
• Ankit Ahlawat
• Breno Favaretto +
• Charles Harris
• Igor Krivenko +
• Ijtihed Kilani +
• Joren Hammudoglu
• Maarten Baert +

... (truncated)

Commits

• b832a09 Merge pull request #31462 from charris/prepare-2.4.6
• 57cc147 REL: Prepare for the NumPy 2.4.6 release
• 0c72b0b Merge pull request #31459 from charris/backport-31347
• 9778d26 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
• e0e3876 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
• d1bffeb BUG: np.linalg.svd(..., hermitian=True) returns non-unitary vh (#31347)
• 8d8d7e5 Merge pull request #31453 from seberg/issue-31452
• bddaab7 BUG: Fix regression in arr.conj()
• 37a1ecc Merge pull request #31444 from charris/begin-2.4.6
• 3c0e043 MAINT: Prepare 2.4.x for further development
• Additional commits viewable in compare view

Updates requests from 2.33.1 to 2.34.2

Release notes

Sourced from requests's releases.

v2.34.2

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2342-2026-05-14

v2.34.1

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

New Contributors

• @​k223kim made their first contribution in psf/requests#7433

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2341-2026-05-13

v2.34.0

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The

... (truncated)

Changelog

Sourced from requests's changelog.

2.34.2 (2026-05-14)

• Moved headers input type back to Mapping to avoid invariance issues with MutableMapping and inferred dict types. Users calling Request.headers.update() may need to narrow typing in their code. (#7441)

2.34.1 (2026-05-13)

Bugfixes

• Widened json input type from dict and list to Mapping and Sequence. (#7436)
• Changed headers input type to MutableMapping and removed None from Request.headers typing to improve handling for users. (#7431)
• Response.reason moved from str | None to str to improve handling for users. (#7437)
• Fixed a bug where some bodies with custom __getattr__ implementations weren't being properly detected as Iterables. (#7433)

2.34.0 (2026-05-11)

Announcements

• Requests 2.34.0 introduces inline types, replacing those provided by typeshed. Public API types should be fully compatible with mypy, pyright, and ty. We believe types are comprehensive but if you find issues, please report them to the pinned tracking issue.

  Special thanks to @​bastimeyer, @​cthoyt, @​edgarrmondragon, and @​srittau for helping review and test the types ahead of the release. (#7272)

Improvements

• Digest Auth hashing algorithms have added usedforsecurity=False to clarify security considerations. (#7310)
• Requests added support for Python 3.15 based on beta1. Downstream projects should be able to start testing prior to its release in October. (#7422)
• Requests added support for Python 3.14t. (#7419)

Bugfixes

• Response.history no longer contains a reference to itself, preventing accidental looping when traversing the history list. (#7328)
• Requests no longer performs greedy matching on no_proxy domains. The proxy_bypass implementation has been updated with CPython's fix from bpo-39057. (#7427)
• Requests no longer incorrectly strips duplicate leading slashes in URI paths. This should address user issues with specific presigned URLs. Note the full fix requires urllib3 2.7.0+. (#7315)

Commits

• 6e83187 v2.34.2
• 84d10f0 Move Request.headers back to Mapping (#7441)
• b7b549b v2.34.1
• e511bc7 Fix mutability issues with headers input types (#7431)
• 5691f59 Update JsonType containers to read-based collections (#7436)
• 2144213 Constrain Response.reason to str (#7437)
• 6404f34 Fix prepare_body stream detection for __getattr__-based file wrappers (#7...
• 0b401c7 v2.34.0
• 86b378d Align Session.get parameters with requests.get (#7429)
• a4f9a59 Port bpo-39057 to Requests (#7427)
• Additional commits viewable in compare view

Updates setuptools from 81.0.0 to 82.0.1

Changelog

Sourced from setuptools's changelog.

v82.0.1

Bugfixes

• Fix the loading of launcher manifest.xml file. (#5047)
• Replaced deprecated json.__version__ with fixture in tests. (#5186)

Improved Documentation

• Add advice about how to improve predictability when installing sdists. (#5168)

Misc

• #4941, #5157, #5169, #5175

v82.0.0

Deprecations and Removals

• pkg_resources has been removed from Setuptools. Most common uses of pkg_resources have been superseded by the importlib.resources <https://docs.python.org/3/library/importlib.resources.html>_ and importlib.metadata <https://docs.python.org/3/library/importlib.metadata.html>_ projects. Projects and environments relying on pkg_resources for namespace packages or other behavior should depend on older versions of setuptools. (#3085)

Commits

• 5a13876 Bump version: 82.0.0 → 82.0.1
• 51ab8f1 Avoid using (deprecated) 'json.version' in tests (#5194)
• f9c37b2 Docs/CI: Fix intersphinx references (#5195)
• 8173db2 Docs: Fix intersphinx references
• 09bafbc Fix past tense on newsfragment
• 461ea56 Add news fragment
• c4ffe53 Avoid using (deprecated) 'json.version' in tests
• 749258b Cleanup pkg_resources dependencies and configuration (#5175)
• 2019c16 Parse ext-module.define-macros from pyproject.toml as list of tuples (#5169)
• b809c86 Sync setuptools schema with validate-pyproject (#5157)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.