Skip to content

Bump the python-patch-and-minor group across 1 directory with 6 updates#400

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-wrapper/python-patch-and-minor-a8d791d24f
Open

Bump the python-patch-and-minor group across 1 directory with 6 updates#400
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/python-wrapper/python-patch-and-minor-a8d791d24f

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jul 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the python-patch-and-minor group with 6 updates in the /python-wrapper directory:

Package From To
snowflake-snowpark-python 1.52.0 1.53.1
streamlit 1.58.0 1.59.2
ruff 0.15.17 0.15.22
mypy 2.1.0 2.3.0
pytest 9.0.3 9.1.1
selenium 4.44.0 4.46.0

Updates snowflake-snowpark-python from 1.52.0 to 1.53.1

Release notes

Sourced from snowflake-snowpark-python's releases.

Release

1.53.1 (2026-07-14)

No user-facing changes in this release.

Release

1.53.0 (2026-07-09)

Snowpark Python API Updates

New Features

  • Added the udf_init_once decorator in snowflake.snowpark.functions for marking functions to be executed once during pre-fork initialization on Snowflake workers, matching the server-side _snowflake.udf_init_once API.

Bug Fixes

  • Fixed a bug where stage paths and file format names that contain single quotes were not consistently escaped when generating SQL, which could produce malformed statements. This affects INFER_SCHEMA (used by DataFrameReader.csv/json/parquet/orc/avro) and COPY FILES (used by FileOperation.copy_files).
  • Fixed a bug where single quotes and backslashes in stage/file paths were not correctly escaped when generating COPY INTO / PUT / GET SQL, which could produce malformed statements. This affects DataFrame.write.csv/copy_into_location and the Snowpark-pandas DataFrame.to_csv stage path.
  • Fixed a bug where column names containing quote characters returned by an external database were not correctly escaped when generating the SELECT query for DataFrameReader.dbapi, which could produce malformed SQL. Embedded quote characters in identifiers are now doubled (backticks for Databricks/MySQL, double quotes for Oracle/PostgreSQL/SQL Server).
  • Fixed a bug where the destination passed to DataFrameWriter.copy_into_location (and csv/json/parquet/save) was embedded into the generated COPY INTO statement without quoting, which could produce malformed SQL for locations containing single quotes. The location is now consistently quoted and escaped, and a string that merely starts and ends with a single quote but contains unescaped interior quotes is no longer treated as an already-quoted literal; it is fully escaped so it stays a single SQL string literal.
  • Fixed a bug where UDF default argument values reconstructed from a source file in register_from_file were evaluated with eval(); they are now evaluated only against the documented set of supported default-value types, and unsupported expressions are ignored.
  • Fixed a bug where object_name, object_domain, or object_version values containing single quotes or backslashes in session.lineage.trace() caused incorrect SQL generation. These values are now properly escaped before being embedded in the SYSTEM$DGQL call.
  • Fixed a bug where single quotes and backslashes in comment (create_or_replace_view / dynamic table / save_as_table), collation specs (Column.collate), VARIANT/OBJECT subfield keys (Column[...]), and DataFrame/Session.flatten paths were not correctly escaped when generating SQL, which could produce malformed statements. Backslash sequences (e.g. \t, \n) in these values are now applied literally rather than interpreted.
  • Fixed a bug where string values in the AI functions (ai_extract, ai_classify, ai_similarity, ai_parse_document, ai_transcribe, ai_complete) configuration and response_format were not correctly escaped when generating the SQL object literal, which could produce malformed statements when a value contained single quotes or backslashes (for example, an apostrophe in a natural-language question).

Dependency Updates

  • Lifted protobuf restriction for Python 3.14 from ==5.29.3 to >=5.29.3,<6.34.
  • Capped pandas to <3.0.0 for the [pandas] install extra, as Snowpark Python pandas-related features may not be fully compatible with pandas 3.0 or later.
Changelog

Sourced from snowflake-snowpark-python's changelog.

1.53.1 (2026-07-14)

No user-facing changes in this release.

1.53.0 (2026-07-09)

Snowpark Python API Updates

New Features

  • Added the udf_init_once decorator in snowflake.snowpark.functions for marking functions to be executed once during pre-fork initialization on Snowflake workers, matching the server-side _snowflake.udf_init_once API.

Bug Fixes

  • Fixed a bug where stage paths and file format names that contain single quotes were not consistently escaped when generating SQL, which could produce malformed statements. This affects INFER_SCHEMA (used by DataFrameReader.csv/json/parquet/orc/avro) and COPY FILES (used by FileOperation.copy_files).
  • Fixed a bug where single quotes and backslashes in stage/file paths were not correctly escaped when generating COPY INTO / PUT / GET SQL, which could produce malformed statements. This affects DataFrame.write.csv/copy_into_location and the Snowpark-pandas DataFrame.to_csv stage path.
  • Fixed a bug where column names containing quote characters returned by an external database were not correctly escaped when generating the SELECT query for DataFrameReader.dbapi, which could produce malformed SQL. Embedded quote characters in identifiers are now doubled (backticks for Databricks/MySQL, double quotes for Oracle/PostgreSQL/SQL Server).
  • Fixed a bug where the destination passed to DataFrameWriter.copy_into_location (and csv/json/parquet/save) was embedded into the generated COPY INTO statement without quoting, which could produce malformed SQL for locations containing single quotes. The location is now consistently quoted and escaped, and a string that merely starts and ends with a single quote but contains unescaped interior quotes is no longer treated as an already-quoted literal; it is fully escaped so it stays a single SQL string literal.
  • Fixed a bug where UDF default argument values reconstructed from a source file in register_from_file were evaluated with eval(); they are now evaluated only against the documented set of supported default-value types, and unsupported expressions are ignored.
  • Fixed a bug where object_name, object_domain, or object_version values containing single quotes or backslashes in session.lineage.trace() caused incorrect SQL generation. These values are now properly escaped before being embedded in the SYSTEM$DGQL call.
  • Fixed a bug where single quotes and backslashes in comment (create_or_replace_view / dynamic table / save_as_table), collation specs (Column.collate), VARIANT/OBJECT subfield keys (Column[...]), and DataFrame/Session.flatten paths were not correctly escaped when generating SQL, which could produce malformed statements. Backslash sequences (e.g. \t, \n) in these values are now applied literally rather than interpreted.
  • Fixed a bug where string values in the AI functions (ai_extract, ai_classify, ai_similarity, ai_parse_document, ai_transcribe, ai_complete) configuration and response_format were not correctly escaped when generating the SQL object literal, which could produce malformed statements when a value contained single quotes or backslashes (for example, an apostrophe in a natural-language question).

Dependency Updates

  • Lifted protobuf restriction for Python 3.14 from ==5.29.3 to >=5.29.3,<6.34.
  • Capped pandas to <3.0.0 for the [pandas] install extra, as Snowpark Python pandas-related features may not be fully compatible with pandas 3.0 or later.
Commits
  • 07e57b1 Update CHANGELOG
  • 8848788 Prepare release v1.53.1
  • 361cd43 NO SNOW: 1.53.0 merge back (#4283)
  • 9a6ac71 feat: Iceberg WAP branch read via BRANCH time travel (#4267)
  • 9936613 SNOW-3746330 Auto register query listener for Snowflake VS Code Extension (#4...
  • 54efe1e NO SNOW: update model in ai complete (#4281)
  • 781994f SNOW-3489991: Block flattening of dropped NEW columns in connect mode (#4259)
  • f2a8b5e NO-SNOW: cap pandas dep (#4278)
  • 6b733ad SNOW-3727513: Remove stale libffi <=3.4.4 cap from conda recipe (#4277)
  • f4a55af Add Iceberg incremental read via CHANGES AT(VERSION) END(VERSION) (#4262)
  • Additional commits viewable in compare view

Updates streamlit from 1.58.0 to 1.59.2

Release notes

Sourced from streamlit's releases.

1.59.2

Full Changelog: streamlit/streamlit@1.59.1...1.59.2

1.59.1

Full Changelog: streamlit/streamlit@1.59.0...1.59.1

1.59.0

What's Changed

Breaking Changes 🛠

New Features 🎉

Bug Fixes 🐛

... (truncated)

Commits

Updates ruff from 0.15.17 to 0.15.22

Release notes

Sourced from ruff's releases.

0.15.22

Release Notes

Released on 2026-07-16.

Preview features

  • [pycodestyle] Add an autofix for E402 (#22212)
  • [refurb] Allow subclassing builtins in stub files (FURB189) (#26812)
  • [ruff] Add rule to replace noqa comments with ruff:ignore (RUF105) (#26423)
  • [ruff] Add rule to use human-readable names in ruff:ignore comments (RUF106) (#26682)
  • [ruff] Add rule to use human-readable names in configuration selectors (RUF201) (#26772)

Bug fixes

  • [flake8-pyi] Fix false positive in __all__ (PYI053) (#26872)

Rule changes

  • [pylint] Ignore mutable type updates in redefined-loop-name (PLW2901) (#25733)

Performance

  • Avoid redundant lexer token bookkeeping (#26765)
  • Avoid redundant pending-indentation writes (#26774)
  • Avoid unnecessary identifier lookahead (#26525)
  • Reuse parser scratch buffers (#26798)

Documentation

  • Document argfile support (#26803)
  • [flake8-datetimez] Clarify naming guidance for datetime.today (DTZ002) (#26658)
  • [pycodestyle] Document E731 fix safety (#26847)
  • [ruff] Clarify intentional async contexts for unused-async (RUF029) (#26641)

Contributors

Install ruff 0.15.22

Install prebuilt binaries via shell script

</tr></table> 

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.22

Released on 2026-07-16.

Preview features

  • [pycodestyle] Add an autofix for E402 (#22212)
  • [refurb] Allow subclassing builtins in stub files (FURB189) (#26812)
  • [ruff] Add rule to replace noqa comments with ruff:ignore (RUF105) (#26423)
  • [ruff] Add rule to use human-readable names in ruff:ignore comments (RUF106) (#26682)
  • [ruff] Add rule to use human-readable names in configuration selectors (RUF201) (#26772)

Bug fixes

  • [flake8-pyi] Fix false positive in __all__ (PYI053) (#26872)

Rule changes

  • [pylint] Ignore mutable type updates in redefined-loop-name (PLW2901) (#25733)

Performance

  • Avoid redundant lexer token bookkeeping (#26765)
  • Avoid redundant pending-indentation writes (#26774)
  • Avoid unnecessary identifier lookahead (#26525)
  • Reuse parser scratch buffers (#26798)

Documentation

  • Document argfile support (#26803)
  • [flake8-datetimez] Clarify naming guidance for datetime.today (DTZ002) (#26658)
  • [pycodestyle] Document E731 fix safety (#26847)
  • [ruff] Clarify intentional async contexts for unused-async (RUF029) (#26641)

Contributors

0.15.21

Released on 2026-07-09.

Preview features

... (truncated)

Commits

Updates mypy from 2.1.0 to 2.3.0

Changelog

Sourced from mypy's changelog.

Mypy Release Notes

Next Release

Packaging changes

Mypy 2.3

We've just uploaded mypy 2.3.0 to the Python Package Index (PyPI). Mypy is a static type checker for Python. This release includes new features, performance improvements and bug fixes. You can install it as follows:

python3 -m pip install -U mypy

You can read the full documentation for this release on Read the Docs.

The Upcoming Switch to the New Native Parser

We are planning to enable the new native parser (--native-parser) by default soon. We recommend that you test the native parser in your projects and report any issues in the mypy issue tracker.

Mypyc Free-threading Memory Safety

Free-threaded Python builds that don't have the GIL require additional synchronization primitives or lock-free algorithms to ensure memory safety when there are race conditions (for example, when a thread reads a list item while another thread writes the same list item concurrently). This release greatly improves memory safety of free threading.

List operations are now memory-safe on free threaded Python builds, even in the presence of race conditions. This has some performance cost. For list-heavy workloads, using librt.vecs.vec instead of list is often significantly faster, but note that vec is not (and likely won't be) fully memory safe, and the user is expected to avoid race conditions. The newly introduced librt.threading.Lock helps with this. Using variable-length tuples can also be more efficient than lists, since tuples are immutable and don't require expensive synchronization to ensure memory safety.

Instance attribute access is also (mostly) memory safe now on free-threaded builds in the presence of race conditions. We are planning to fix the remaining unsafe cases in a future release.

Full list of changes:

  • Make attribute access memory safe on free-threaded builds (Jukka Lehtosalo, PR 21705)
  • Fix unsafe borrowing of instance attributes with free-threading (Jukka Lehtosalo, PR 21688)
  • Make list get/set item more memory safe on free-threaded builds (Jukka Lehtosalo, PR 21683)
  • Don't borrow list items on free-threaded builds (Jukka Lehtosalo, PR 21679)
  • Make multiple assignment from list memory-safe on free-threaded builds (Jukka Lehtosalo, PR 21684)

... (truncated)

Commits
  • 8aabf84 Drop +dev from version
  • 4d8ad2a Update changelog for 2.3 release (#21728)
  • 2c21546 [mypyc] Update documentation of race conditions under free threading (#21726)
  • a9f62a3 [mypyc] Make attribute access memory safe on free-threaded builds (#21705)
  • 0faa413 Use PYODIDE environment variable for Emscripten cross-compilation detection...
  • 3d75cdb [mypyc] Borrow final attributes more aggressively (#21702)
  • 24c237d [mypyc] Improve documentation of Final (#21713)
  • b5be217 [mypyc] Update free threading Python compatibility docs (#21711)
  • cbcb51a Narrow for frozendict membership check (#21709)
  • af2bc0f Sync typeshed (#21707)
  • Additional commits viewable in compare view

Updates pytest from 9.0.3 to 9.1.1

Release notes

Sourced from pytest's releases.

9.1.1

pytest 9.1.1 (2026-06-19)

Bug fixes

  • #14220: Fixed a logic bug in pytest.RaisesGroup which would might cause it to display incorrect "It matches FooError() which was paired with BarError" messages.
  • #14591: Fixed a regression in pytest 9.1.0 which caused overriding a parametrized fixture with an indirect @​pytest.mark.parametrize to fail with "duplicate parametrization of '<fixture name>'".
  • #14606: Fixed list-item typing errors from mypy in @pytest.mark.parametrize <pytest.mark.parametrize ref> argvalues parameter.
  • #14608: Fixed a regression in pytest 9.1.0 where conftest.py files located in <invocation dir>/test* were no longer loaded as initial conftests when invoked without arguments. This could cause certain hooks (like pytest_addoption) in these files to not fire.

9.1.0

pytest 9.1.0 (2026-06-13)

Removals and backward incompatible breaking changes

  • #14533: When using --doctest-modules, autouse fixtures with module, package or session scope that are defined inline in Python test modules (not plugins or conftests) will now possibly execute twice.

    If this is undesirable, move the fixture definition to a conftest.py file if possible.

    Technical explanation for those interested: When using --doctest-modules, pytest possibly collects Python modules twice, once as pytest.Module and once as a DoctestModule (depending on the configuration). Due to improvements in pytest's fixture implementation, if e.g. the DoctestModule collects a fixture, it is now visible to it only, and not to the Module. This means that both need to register the fixtures independently.

Deprecations (removal in next major release)

  • #10819: Added a deprecation warning for class-scoped fixtures defined as instance methods (without @classmethod). Such fixtures set attributes on a different instance than the test methods use, leading to unexpected behavior. Use @classmethod decorator instead -- by yastcher.

    See 10819 and 14011.

  • #12882: Calling request.getfixturevalue() <pytest.FixtureRequest.getfixturevalue> during teardown to request a fixture that was not already requested is now deprecated and will become an error in pytest 10.

    See dynamic-fixture-request-during-teardown for details.

  • #13409: Using non-~collections.abc.Collection iterables (such as generators, iterators, or custom iterable objects) for the argvalues parameter in @pytest.mark.parametrize <pytest.mark.parametrize ref> and metafunc.parametrize <pytest.Metafunc.parametrize> is now deprecated.

    These iterables get exhausted after the first iteration, leading to tests getting unexpectedly skipped in cases such as running pytest.main() multiple times, using class-level parametrize decorators, or collecting tests multiple times.

    See parametrize-iterators for details and suggestions.

  • #13946: The private config.inicfg attribute is now deprecated. Use config.getini() <pytest.Config.getini> to access configuration values instead.

    See config-inicfg for more details.

  • #14004: Passing baseid to ~pytest.FixtureDef or nodeid strings to fixture registration APIs is now deprecated. These are internal pytest APIs that are used by some plugins.

... (truncated)

Commits
  • cf470ec Prepare release version 9.1.1
  • e0c8ce6 Merge pull request #14625 from pytest-dev/patchback/backports/9.1.x/a07c31a97...
  • 1b82d16 Merge pull request #14624 from pytest-dev/patchback/backports/9.1.x/b375b79ec...
  • 501c4bc Merge pull request #14596 from bluetech/doc-classmethod
  • b61f588 Merge pull request #14622 from chrisburr/fix-14608-initial-conftest-test-subdir
  • 9a567e0 [automated] Update plugin list (#14617) (#14618)
  • ef8b299 Merge pull request #14620 from pytest-dev/patchback/backports/9.1.x/680f9f3ed...
  • 66abd07 Merge pull request #14220 from bysiber/fix-stale-iexp-raisesgroup
  • 79fbf93 Merge pull request #14612 from pytest-dev/patchback/backports/9.1.x/974ed48b6...
  • 0d312eb Merge pull request #14611 from bluetech/parametrize-argvalues-typing
  • Additional commits viewable in compare view

Updates selenium from 4.44.0 to 4.46.0

Release notes

Sourced from selenium's releases.

Selenium 4.46.0

Detailed Changelogs by Component

Java     |     Python     |     DotNet     |     Ruby     |     JavaScript

What's Changed

... (truncated)

Commits
  • df5a634 [build] Prepare for release of selenium-4.46.0 (#17763)
  • a6a14b4 bumping ts rules (#17760)
  • 726666b [rust] Prevent path traversal in tar and pkg extraction (#17668). Reported by...
  • 8b85e9a [build] Resolve Chrome milestone from Chrome-for-Testing channel version (#17...
  • 9f6ccde [java][bidi] Track events subscriptions using subscription ids (#17759)
  • 4177888 [java] Move BiDi creation to RemoteWebDriver. Add enable BiDi to SafariOption...
  • 185e626 [build] fix python linting in format.sh script
  • 15ee583 [build] document .local customization and add PR review guidance (#17756)
  • ee4057c Add guidance for testing conventions in each language (#16734)
  • 4c140e1 [build] Add update_cddl script to refresh pinned w3c/webref CDDL files (#17743)
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Jul 10, 2026
@dependabot
dependabot Bot force-pushed the dependabot/pip/python-wrapper/python-patch-and-minor-a8d791d24f branch from 7fe7e19 to 25e2e6b Compare July 10, 2026 15:47
Bumps the python-patch-and-minor group with 6 updates in the /python-wrapper directory:

| Package | From | To |
| --- | --- | --- |
| [snowflake-snowpark-python](https://github.com/snowflakedb/snowpark-python) | `1.52.0` | `1.53.1` |
| [streamlit](https://github.com/streamlit/streamlit) | `1.58.0` | `1.59.2` |
| [ruff](https://github.com/astral-sh/ruff) | `0.15.17` | `0.15.22` |
| [mypy](https://github.com/python/mypy) | `2.1.0` | `2.3.0` |
| [pytest](https://github.com/pytest-dev/pytest) | `9.0.3` | `9.1.1` |
| [selenium](https://github.com/SeleniumHQ/Selenium) | `4.44.0` | `4.46.0` |



Updates `snowflake-snowpark-python` from 1.52.0 to 1.53.1
- [Release notes](https://github.com/snowflakedb/snowpark-python/releases)
- [Changelog](https://github.com/snowflakedb/snowpark-python/blob/main/CHANGELOG.md)
- [Commits](snowflakedb/snowpark-python@v1.52.0...v1.53.1)

Updates `streamlit` from 1.58.0 to 1.59.2
- [Release notes](https://github.com/streamlit/streamlit/releases)
- [Commits](streamlit/streamlit@1.58.0...1.59.2)

Updates `ruff` from 0.15.17 to 0.15.22
- [Release notes](https://github.com/astral-sh/ruff/releases)
- [Changelog](https://github.com/astral-sh/ruff/blob/main/CHANGELOG.md)
- [Commits](astral-sh/ruff@0.15.17...0.15.22)

Updates `mypy` from 2.1.0 to 2.3.0
- [Changelog](https://github.com/python/mypy/blob/master/CHANGELOG.md)
- [Commits](python/mypy@v2.1.0...v2.3.0)

Updates `pytest` from 9.0.3 to 9.1.1
- [Release notes](https://github.com/pytest-dev/pytest/releases)
- [Changelog](https://github.com/pytest-dev/pytest/blob/main/CHANGELOG.rst)
- [Commits](pytest-dev/pytest@9.0.3...9.1.1)

Updates `selenium` from 4.44.0 to 4.46.0
- [Release notes](https://github.com/SeleniumHQ/Selenium/releases)
- [Commits](SeleniumHQ/selenium@selenium-4.44.0...selenium-4.46.0)

---
updated-dependencies:
- dependency-name: mypy
  dependency-version: 2.2.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-patch-and-minor
- dependency-name: pytest
  dependency-version: 9.1.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-patch-and-minor
- dependency-name: ruff
  dependency-version: 0.15.21
  dependency-type: direct:development
  update-type: version-update:semver-patch
  dependency-group: python-patch-and-minor
- dependency-name: selenium
  dependency-version: 4.45.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-patch-and-minor
- dependency-name: snowflake-snowpark-python
  dependency-version: 1.53.0
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-patch-and-minor
- dependency-name: streamlit
  dependency-version: 1.59.1
  dependency-type: direct:development
  update-type: version-update:semver-minor
  dependency-group: python-patch-and-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot
dependabot Bot force-pushed the dependabot/pip/python-wrapper/python-patch-and-minor-a8d791d24f branch from 25e2e6b to 52fba30 Compare July 17, 2026 14:44
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants