deps: bump the prod-deps group across 1 directory with 7 updates

[dependabot]

Bumps the prod-deps group with 7 updates in the / directory:

Package	From	To
pandas	2.3.3	3.0.2
requests	2.32.5	2.33.1
geopandas	1.1.2	1.1.3
tqdm	4.67.1	4.67.3
matplotlib	3.10.8	3.10.9
fastparquet	2025.12.0	2026.3.0
pyarrow	22.0.0	24.0.0

Updates pandas from 2.3.3 to 3.0.2

Release notes

Sourced from pandas's releases.

pandas 3.0.2

We are pleased to announce the release of pandas 3.0.2. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.1

We are pleased to announce the release of pandas 3.0.1. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.0

We are pleased to announce the release of pandas 3.0.0, a major release from the pandas 2.x series. This release includes various new features, bug fixes, and performance improvements, as well as possible breaking changes.

The pandas 3.0 release removed a functionality that was deprecated in previous releases. It is recommended to first upgrade to pandas 2.3 and to ensure your code is working without warnings, before upgrading to pandas 3.0.

Highlights include:

• Dedicated string data type by default
• Consistent copy/view behaviour with Copy-on-Write (CoW) (a.k.a. getting rid of the SettingWithCopyWarning)
• New default resolution for datetime-like data
• Initial support for the new pd.col syntax

... (truncated)

Commits

• ab90747 RLS: 3.0.2 (#64934)
• 6f27013 Backport PR #64931 on branch 3.0.x (DOC/BLD: temporary disable upload of docs...
• 48ddc60 Backport PR #64664 on branch 3.0.x (BUG: DataFrame.sum() crashes on empty Dat...
• 8774488 [backport 3.0.x] PERF: fix slow python loop in validation for ArrowStringArra...
• 33af6cc Backport PR #64133 on branch 3.0.x (BUG: str.find returns byte offset instead...
• 4ef49d8 [backport 3.0.x] BUG: fix convert_dtypes dropping values from sliced mixed-dt...
• 0668f34 [backport 3.0.x] BUG: Fix HDFStore.put with StringDtype columns and compressi...
• 23f2f44 [backport 3.0.x] BUG: Suppress unnecessary RuntimeWarning in to_datetime with...
• 83ba804 Backport PR #64886: BUG: Compute Variance of Complex Numbers Correctly (#64892)
• bb5ca1a Backport PR #64386 on branch 3.0.x (BUG: fix sort_index AssertionError with R...
• Additional commits viewable in compare view

Updates requests from 2.32.5 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

v2.33.0

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

New Contributors

• @​M0d3v1 made their first contribution in psf/requests#6865
• @​aminvakil made their first contribution in psf/requests#7220
• @​E8Price made their first contribution in psf/requests#6960
• @​mitre88 made their first contribution in psf/requests#7244
• @​magsen made their first contribution in psf/requests#6553
• @​Rohan5commit made their first contribution in psf/requests#7227

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2330-2026-03-25

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

2.33.0 (2026-03-25)

Announcements

• 📣 Requests is adding inline types. If you have a typed code base that uses Requests, please take a look at #7271. Give it a try, and report any gaps or feedback you may have in the issue. 📣

Security

• CVE-2026-25645 requests.utils.extract_zipped_paths now extracts contents to a non-deterministic location to prevent malicious file replacement. This does not affect default usage of Requests, only applications calling the utility function directly.

Improvements

• Migrated to a PEP 517 build system using setuptools. (#7012)

Bugfixes

• Fixed an issue where an empty netrc entry could cause malformed authentication to be applied to Requests on Python 3.11+. (#7205)

Deprecations

• Dropped support for Python 3.9 following its end of support. (#7196)

Documentation

• Various typo fixes and doc improvements.

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• bc04dfd v2.33.0
• 66d21cb Merge commit from fork
• 8b9bc8f Move badges to top of README (#7293)
• e331a28 Remove unused extraction call (#7292)
• Additional commits viewable in compare view

Updates geopandas from 1.1.2 to 1.1.3

Release notes

Sourced from geopandas's releases.

Version 1.1.3

What's Changed

This release addresses a handful of small compatibility issues with pandas 3.0 and backports some bugfixes.

Bug fixes:

• Improved compatibility with pandas 3.0 Copy-on-Write feature, making use of deferred copies where possible (#3298, #3711).
• Fix GeoSeries.sample_points not accepting list-like size when generating points using pointpaterns (#3710).
• Fix from_wkt/wkb to correctly handle missing values with pandas 3 (where the new str dtype is used) (#3714).
• Fix to_postgis to correctly handle missing values with pandas 3 (where the new str dtype is used) (#3722).
• Using loc to assign column values to a new row index now correctly preserves the column CRS and geometry dtype on pandas 3.1, due to an upstream bug fix (#3741, Pandas #62523)
• Random states in pointpats methods of sample_points can now be fixed with rng (#3737).

Full Changelog: geopandas/geopandas@v1.1.2...v1.1.3

Changelog

Sourced from geopandas's changelog.

Version 1.1.3 (March 10, 2026)

This release addresses a handful of small compatibility issues with pandas 3.0 and backports some bugfixes.

Bug fixes:

• Improved compatibility with pandas 3.0 Copy-on-Write feature, making use of deferred copies where possible (#3298, #3711).
• Fix GeoSeries.sample_points not accepting list-like size when generating points using pointpaterns (#3710).
• Fix from_wkt/wkb to correctly handle missing values with pandas 3 (where the new str dtype is used) (#3714).
• Fix to_postgis to correctly handle missing values with pandas 3 (where the new str dtype is used) (#3722).
• Using loc to assign column values to a new row index now correctly preserves the column CRS and geometry dtype on pandas 3.1, due to an upstream bug fix (#3741, Pandas #62523)
• Random states in pointpats methods of sample_points`` can now be fixed with rng` (#3737).

Commits

• f5fe3ff RLS: v1.1.3
• c104670 pointpats <2.5.3 test compat
• af36b14 ENH: add pointpats as an optional dependency & pass in rng (#3737)
• d9ed84a COMPAT: fix failing test for loc concatenation crs preservation with pandas 3...
• 1b1ddc2 MAINT: use trusted publishing for releasing to PyPI (#3734)
• 8d0c05d changelog
• a424f17 Avoid returning deep copies with pandas 3.0 (with Copy-on-Write) (#3298)
• 03fa43e MAINT: cleanup release warning for project.license table (#3603)
• 29fdb30 CI: remove usage of PANDAS_FUTURE_INFER_STRINGS=0 (#3715)
• 9070e13 missing changelog entries
• Additional commits viewable in compare view

Updates tqdm from 4.67.1 to 4.67.3

Release notes

Sourced from tqdm's releases.

tqdm v4.67.3 stable

• fix py3.7 dependencies (#1706 <- #1705)

tqdm v4.67.2 stable

• support pandas>=3 (#1703 <- #1701, #1650, #1700)
• fix format_interval for negative numbers (#1703)
• misc linting
• framework updates (#1704)
  • bump CI workflow & pre-commit dependencies
  • add pyupgrade
  • add py3.13 support
  • fix py3.7 tests
  • update setuptools-scm usage
  • support auto-dedented docstrings when building docs in py3.13
• tests: relax flaky benchmarks

Commits

• 75bdb6c fix py3.7 compat
• 09a863b bump version, merge pull request #1704 from tqdm/devel
• 33d24cd update pyproject syntax
• 70b9124 add py3.13 support
• a74d8f8 drop _dist_ver
• 14d72e2 Merge pull request #1703 from wingding12/fix-pandas-3.0-and-negative-interval
• a69dac8 fix dedented docstrings
• a986d22 tests: fix pandas deprecation warnings
• bb7aa4d tests: fix pandas deprecated applymap
• 0647db1 misc tidy
• Additional commits viewable in compare view

Updates matplotlib from 3.10.8 to 3.10.9

Release notes

Sourced from matplotlib's releases.

v3.10.9

This is a micro release of the v3.10.x series. Highlights of this release include:

• Various minor bug and doc fixes
• Security hardening validation of cyclers - Removing eval usage
• Security hardening in Latex and PS calls - Removing shell escapes

Commits

• dd8d78b REL: v3.10.9
• 2fb1891 REL: Release prep v3.10.9
• d0e923a Merge branch 'v3.10.8-doc' into v3.10.x
• 1637932 Merge pull request #31558 from meeseeksmachine/auto-backport-of-pr-31556-on-v...
• a83faac Backport PR #31556: FIX: Inverted PyErr_Occurred check in enum type caster (_...
• a4f57ab Merge pull request #31545 from ksunden/backport-of-pr-31282-on-v3.10.x
• 063288d Merge pull request #31544 from ksunden/backport-of-pr-31248-on-v3.10.x
• b2ed196 Backport PR #31248: SEC: Remove eval() from validate_cycler
• acc6024 Merge pull request #31282 from scottshambaugh/tex_no_shell
• e3fb541 Merge pull request #31078 from meeseeksmachine/auto-backport-of-pr-31075-on-v...
• Additional commits viewable in compare view

Updates fastparquet from 2025.12.0 to 2026.3.0

Commits

• dfe8d4e Add retirement message (#973)
• 6daebf1 fix BYTE_ARRAY_DECIMAL conversion (#971)
• See full diff in compare view

Updates pyarrow from 22.0.0 to 24.0.0

Release notes

Sourced from pyarrow's releases.

Apache Arrow 24.0.0

Release Notes URL: https://arrow.apache.org/release/24.0.0.html

Apache Arrow 24.0.0 RC0

Release Notes: Release Candidate: 24.0.0 RC0

Apache Arrow 23.0.1

Release Notes URL: https://arrow.apache.org/release/23.0.1.html

Apache Arrow 23.0.1 RC0

Release Notes: Release Candidate: 23.0.1 RC0

Apache Arrow 23.0.0

Release Notes URL: https://arrow.apache.org/release/23.0.0.html

Apache Arrow 23.0.0 RC2

Release Notes: Release Candidate: 23.0.0 RC2

Commits

• 31b4b6c MINOR: [Release] Update versions for 24.0.0
• 06dbc17 MINOR: [Release] Update .deb/.rpm changelogs for 24.0.0
• a021d80 MINOR: [Release] Update CHANGELOG.md for 24.0.0
• 2d6b12c GH-49716: [C++] FixedShapeTensorType::Deserialize should strictly validate se...
• a74cb6a GH-49697: [C++][CI] Check IPC file body bounds are in sync with decoder outco...
• 871a0c6 GH-49676: [Python][Packaging] Fix gRPC docker image layer being too big for h...
• f9203b3 GH-49586: [C++][CI] StructToStructSubset test failure with libc++ 22.1.1 (#49...
• fe298b4 GH-49628: [Python][Interchange protocol] Suppress warnings for pandas 4.0.0 a...
• 1f94910 GH-49252: [GLib] Deprecate Feather features (#49673)
• 5ba5c3c GH-49671: [CI][Docs] Don't run jobs for push by Dependabot (#49672)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions