@dependabot dependabot bot commented on behalf of github Nov 1, 2025

Bumps the production group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| matplotlib | 3.10.3 | 3.10.7 |
| numpy | 2.2.6 | 2.3.4 |
| polars | 1.29.0 | 1.35.1 |
| scikit-learn | 1.6.1 | 1.7.2 |
| statsmodels | 0.14.4 | 0.14.5 |
| transformers | 4.53.0 | 4.57.1 |
| xxhash | 3.5.0 | 3.6.0 |

Updates matplotlib from 3.10.3 to 3.10.7

Release notes

Sourced from matplotlib's releases.

REL: v3.10.7

This is the latest bugfix release in the 3.10.x series.

The most important update in this release is that the minimum version of pyparsing has been updated to version 3.0.

REL: v3.10.6

This is a bugfix release in the 3.10.x series.

Highlights from this release include:

- Fix regression of hi-dpi support for Qt
- Fix race condition in TexManager.make_dvi & make_png
- Various documentation and other bugfixes

REL: v3.10.5

This is the fourth bugfix release of the 3.10.x series.

Included in this release is distributed wheels for Python 3.14 (including freethreaded) and Windows ARM.

There are also several smaller bugfixes.

Commits
  • 4aeb773 REL: v3.10.7
  • 080add3 Merge branch 'v3.10.6-doc' into v3.10.x
  • a604a8b Github Stats v3.10.7
  • f550261 Zenodo v3.10.6
  • 9a5e3e4 Merge pull request #30628 from meeseeksmachine/auto-backport-of-pr-30626-on-v...
  • eb8cb0c Backport PR #30626: MNT: Fix new F401 unused imports warnings
  • 8fadc71 Backport PR #29745: Use PEP8 style method and function names from (#30589)
  • 098876e Merge pull request #30614 from meeseeksmachine/auto-backport-of-pr-30612-on-v...
  • eb42d86 Backport PR #30612: MNT: update black pin
  • 4a9c187 Merge pull request #30572 from QuLogic/auto-backport-of-pr-30571-on-v3.10.x
  • Additional commits viewable in compare view

Updates numpy from 2.2.6 to 2.3.4

Release notes

Sourced from numpy's releases.

v2.3.4 (Oct 15, 2025)

NumPy 2.3.4 Release Notes

The NumPy 2.3.4 release is a patch release split between a number of maintenance updates and bug fixes. This release supports Python versions 3.11-3.14. This release is based on Python 3.14.0 final.

Changes

The npymath and npyrandom libraries now have a .lib rather than a .a file extension on win-arm64, for compatibility for building with MSVC and setuptools. Please note that using these static libraries is discouraged and for existing projects using it, it's best to use it with a matching compiler toolchain, which is clang-cl on Windows on Arm.

(gh-29750)

Contributors

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • !DWesl
  • Charles Harris
  • Christian Barbia +
  • Evgeni Burovski
  • Joren Hammudoglu
  • Maaz +
  • Mateusz Sokół
  • Matti Picus
  • Nathan Goldbaum
  • Ralf Gommers
  • Riku Sakamoto +
  • Sandeep Gupta +
  • Sayed Awad
  • Sebastian Berg
  • Sergey Fedorov +
  • Warren Weckesser
  • dependabot[bot]

Pull requests merged

A total of 30 pull requests were merged for this release.

  • #29725: MAINT: Prepare 2.3.x for further development
  • #29781: MAINT: Pin some upstream dependences
  • #29782: BLD: enable x86-simd-sort to build on KNL with -mavx512f
  • #29783: BUG: Include python-including headers first (#29281)
  • #29784: TYP: fix np.number and np.*integer method declaration
  • #29785: TYP: mypy 1.18.1

... (truncated)

Commits
  • 1458b9e REL: Prepare for the NumPy 2.3.4 release (#29955)
  • 7583bed Merge pull request #29950 from charris/backport-29885
  • 3186751 Merge pull request #29949 from charris/backport-29948
  • 7fd2ad9 STY: rename @classmethod arg to cls
  • fe8447d MAINT: Simplify string arena growth strategy (#29885)
  • a90f073 Merge pull request #29940 from charris/backport-29937
  • 55d91ab MAINT: Bump pypa/cibuildwheel from 3.1.4 to 3.2.1
  • e2f0383 Merge pull request #29926 from charris/backport-29609
  • b427e83 BUG: fix negative samples generated by Wald distribution (#29609)
  • 36363d6 Merge pull request #29922 from charris/backport-29914
  • Additional commits viewable in compare view

Updates polars from 1.29.0 to 1.35.1

Release notes

Sourced from polars's releases.

Python Polars 1.35.1

🚀 Performance improvements

  • Don't recompute full rolling moment window when NaNs/nulls leave the window (#25078)
  • Skip filtering scan IR if no paths were filtered (#25037)
  • Optimize ipc stream read performance (#24671)

✨ Enhancements

  • Support BYTE_ARRAY backed Decimals in Parquet (#25076)
  • Allow glimpse to return a DataFrame (#24803)
  • Add allow_empty flag to item (#25048)

🐞 Bug fixes

  • The SQL interface should use logical, not bitwise, behaviour for unary "NOT" operator (#25091)
  • Fix panic if scan predicate produces 0 length mask (#25089)
  • Ensure SQL table alias resolution checks against CTE aliases on fallback (#25071)
  • Panic in group_by_dynamic with group_by and multiple chunks (#25075)
  • Minor improvement to internal is_pycapsule utility function (#25073)
  • Fix panic when using struct field as join key (#25059)
  • Allow broadcast in group_by for ApplyExpr and BinaryExpr (#25053)
  • Fix field metadata for nested categorical PyCapsule export (#25052)
  • Block predicate pushdown when group_by key values are changed (#25032)
  • Group-By aggregation problems caused by AmortSeries (#25043)
  • Don't push down predicates passed inserted cache nodes (#25042)
  • Allow for negative time in group_by_dynamic iterator (#25041)

📖 Documentation

  • Fix typo in public dataset URL (#25044)

🛠️ Other improvements

  • Disable recursive CSPE for now (#25085)
  • Change group length mismatch error to ShapeError (#25004)
  • Update toolchain (#25007)

Thank you to all our contributors for making this release possible! @​Kevin-Patyk, @​Liyixin95, @​alexander-beedie, @​coastalwhite, @​kdn36, @​nameexhaustion, @​orlp, @​r-brink, @​ritchie46 and @​stijnherfst

Python Polars 1.35.0

🏆 Highlights

🚀 Performance improvements

  • Bump foldhash to 0.2.0 and hashbrown to 0.16.0 (#25014)
  • Lower unique to native group-by and speed up n_unique in group-by context (#24976)

... (truncated)

Commits
  • a99ad34 fix: The SQL interface should use logical, not bitwise, behaviour for unary...
  • 84a0fee Python Polars 1.35.1 (#25090)
  • b9e3136 refactor(rust): Remove old join projection pushdown logic (#25088)
  • 7b423b6 fix: Fix panic if scan predicate produces 0 length mask (#25089)
  • ce396f4 refactor: Disable recursive CSPE for now (#25085)
  • 5ae1a1c perf: Don't recompute full rolling moment window when NaNs/nulls leave the wi...
  • 209d833 refactor(rust): Remove unused row-count (#25080)
  • 29b85ea chore(rust): Add proptest strategies for Series logical types (#24849)
  • 92f67ca fix: Ensure SQL table alias resolution checks against CTE aliases on fallback...
  • 0c5518a refactor(rust): Add stateful EwmCov kernel (#25065)
  • Additional commits viewable in compare view

Updates scikit-learn from 1.6.1 to 1.7.2

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.7.2

We're happy to announce the 1.7.2 release.

This release contains a few bug fixes and is the first version supporting Python 3.14.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.7.html#version-1-7-2

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Thanks to everyone who contributed to this release !

Scikit-learn 1.7.1

We're happy to announce the 1.7.1 release.

This release contains fixes for a few regressions introduced in 1.7.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.7.html#version-1-7-1

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Thanks to everyone who contributed to this release !

Scikit-learn 1.7.0

We're happy to announce the 1.7.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_7_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.7.html

This version supports Python versions 3.10 to 3.13 and features an experimental support of free-threaded CPython.

You can upgrade with pip as usual:

... (truncated)

Commits

Updates statsmodels from 0.14.4 to 0.14.5

Release notes

Sourced from statsmodels's releases.

Release 0.14.5

This patch release fixes an issue with recent SciPy releases (1.16+) that prevented statsmodels from importing. It also addresses some small changes that improve future compatibility.

Commits
  • 1107ea5 Merge pull request #9591 from bashtage/rls-0-14-5-notes
  • f3b362a MAINT: Update CI
  • e2249ab DOC: Final fixes
  • 41758ad DOC: Add release note for 0.14.5
  • aea8126 Merge pull request #9586 from bashtage/rls-0-14-5
  • ccc1948 TST: Change optim options
  • 2c5292b MAINT: Reduce noise for future changes
  • d9ccc11 MAINT: Reduce noise for future changes
  • 699740f TST: xfail test with issues and relax tol
  • 132c549 MAINT: Reduce noise for future changes
  • Additional commits viewable in compare view

Updates transformers from 4.53.0 to 4.57.1

Release notes

Sourced from transformers's releases.

Patch release v4.57.1

This patch most notably fixes an issue with an optional dependency (optax), which resulted in parsing errors with poetry. It contains the following fixes:

v4.57.0: Qwen3-Next, Vault Gemma, Qwen3 VL, LongCat Flash, Flex OLMO, LFM2 VL, BLT, Qwen3 OMNI MoE, Parakeet, EdgeTAM, OLMO3

New model additions

Qwen3 Next

The Qwen3-Next series represents the Qwen team's next-generation foundation models, optimized for extreme context length and large-scale parameter efficiency. The series introduces a suite of architectural innovations designed to maximize performance while minimizing computational cost:

  • Hybrid Attention: Replaces standard attention with the combination of Gated DeltaNet and Gated Attention, enabling efficient context modeling.
  • High-Sparsity MoE: Achieves an extreme low activation ratio as 1:50 in MoE layers — drastically reducing FLOPs per token while preserving model capacity.
  • Multi-Token Prediction(MTP): Boosts pretraining model performance, and accelerates inference.
  • Other Optimizations: Includes techniques such as zero-centered and weight-decayed layernorm, Gated Attention, and other stabilizing enhancements for robust training.

Built on this architecture, they trained and open-sourced Qwen3-Next-80B-A3B — 80B total parameters, only 3B active — achieving extreme sparsity and efficiency.

Despite its ultra-efficiency, it outperforms Qwen3-32B on downstream tasks — while requiring less than 1/10 of the training cost. Moreover, it delivers over 10x higher inference throughput than Qwen3-32B when handling contexts longer than 32K tokens.

For more details, please visit their blog Qwen3-Next (blog post).

Vault Gemma

VaultGemma is a text-only decoder model derived from Gemma 2, notably it drops the norms after the Attention and MLP blocks, and uses full attention for all layers instead of alternating between full attention and local sliding attention. VaultGemma is available as a pretrained model with 1B parameters that uses a 1024 token sequence length.

VaultGemma was trained from scratch with sequence-level differential privacy (DP). Its training data includes the same mixture as the Gemma 2 models, consisting of a number of documents of varying lengths. Additionally, it is trained using DP stochastic gradient descent (DP-SGD) and provides a (ε ≤ 2.0, δ ≤ 1.1e-10)-sequence-level DP guarantee, where a sequence consists of 1024 consecutive tokens extracted from heterogeneous data sources. Specifically, the privacy unit of the guarantee is for the sequences after sampling and packing of the mixture.

Qwen3 VL

Qwen3-VL is a multimodal vision-language model series, encompassing both dense and MoE variants, as well as Instruct and Thinking versions.

Building upon its predecessors, Qwen3-VL delivers significant improvements in visual understanding while maintaining strong pure text capabilities. Key architectural advancements include: enhanced MRope with interleaved layout for better spatial-temporal modeling, DeepStack integration to effectively leverage multi-level features from the Vision Transformer (ViT), and improved video understanding through text-based time alignment—evolving from T-RoPE to text timestamp alignment for more precise temporal grounding.

... (truncated)

Commits

Updates xxhash from 3.5.0 to 3.6.0

Release notes

Sourced from xxhash's releases.

v3.6.0

  • Build wheels for Python 3.14
  • Python free-threading support
  • Typing: Use Buffer type stubs
  • Deprecate xxhash.VERSION_TUPLE, it will be removed in the next major release

Full list of changes: ifduyue/python-xxhash@v3.5.0...v3.6.0

Changelog

Sourced from xxhash's changelog.

v3.6.0 2025-10-02

- Build wheels for Python 3.14
- Python free-threading support
- Typing: Use Buffer type stubs
- Deprecate xxhash.VERSION_TUPLE, it will be removed in the next major release

Commits
  • 4fad0dd Prepare 3.6.0
  • fdfcd18 Mark VERSION_TUPLE deprecated
  • 7ff1c53 Already enable python free-threading in github action yaml
  • 601c103 Add trove Programming Language :: Python :: Free Threading :: 1 - Unstable
  • 3bfe968 ci: cibuildwheel enable cpython-freethreading
  • 87e78a7 Add trove Programming Language :: Python :: 3.14
  • 341b44b Bump actions/checkout from 4 to 5
  • c918900 Bump actions/download-artifact from 4 to 5
  • 4655adb Bump actions/setup-python from 5 to 6
  • d200a9d Bump pypa/gh-action-pypi-publish in /.github/workflows
  • Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 1, 2025
@dependabot dependabot bot requested a review from lars-reimann as a code owner November 1, 2025 05:21
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Nov 1, 2025
@dependabot dependabot bot force-pushed the dependabot/pip/production-c003fb281b branch from 19db055 to e71f92e Compare November 4, 2025 23:06
Bumps the production group with 7 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [matplotlib](https://github.com/matplotlib/matplotlib) | `3.10.3` | `3.10.7` |
| [numpy](https://github.com/numpy/numpy) | `2.2.6` | `2.3.4` |
| [polars](https://github.com/pola-rs/polars) | `1.29.0` | `1.35.1` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.6.1` | `1.7.2` |
| [statsmodels](https://github.com/statsmodels/statsmodels) | `0.14.4` | `0.14.5` |
| [transformers](https://github.com/huggingface/transformers) | `4.53.0` | `4.57.1` |
| [xxhash](https://github.com/ifduyue/python-xxhash) | `3.5.0` | `3.6.0` |



Updates `matplotlib` from 3.10.3 to 3.10.7
- [Release notes](https://github.com/matplotlib/matplotlib/releases)
- [Commits](matplotlib/matplotlib@v3.10.3...v3.10.7)

Updates `numpy` from 2.2.6 to 2.3.4
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.2.6...v2.3.4)

Updates `polars` from 1.29.0 to 1.35.1
- [Release notes](https://github.com/pola-rs/polars/releases)
- [Commits](pola-rs/polars@py-1.29.0...py-1.35.1)

Updates `scikit-learn` from 1.6.1 to 1.7.2
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.6.1...1.7.2)

Updates `statsmodels` from 0.14.4 to 0.14.5
- [Release notes](https://github.com/statsmodels/statsmodels/releases)
- [Changelog](https://github.com/statsmodels/statsmodels/blob/main/CHANGES.md)
- [Commits](statsmodels/statsmodels@v0.14.4...v0.14.5)

Updates `transformers` from 4.53.0 to 4.57.1
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.53.0...v4.57.1)

Updates `xxhash` from 3.5.0 to 3.6.0
- [Release notes](https://github.com/ifduyue/python-xxhash/releases)
- [Changelog](https://github.com/ifduyue/python-xxhash/blob/master/CHANGELOG.rst)
- [Commits](ifduyue/python-xxhash@v3.5.0...v3.6.0)

---
updated-dependencies:
- dependency-name: matplotlib
  dependency-version: 3.10.7
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: numpy
  dependency-version: 2.3.4
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: polars
  dependency-version: 1.35.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: scikit-learn
  dependency-version: 1.7.2
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: statsmodels
  dependency-version: 0.14.5
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production
- dependency-name: transformers
  dependency-version: 4.57.1
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
- dependency-name: xxhash
  dependency-version: 3.6.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot force-pushed the dependabot/pip/production-c003fb281b branch from e71f92e to d7fc245 Compare December 1, 2025 05:37