chore(deps)(deps): bump the patch-updates group across 1 directory with 13 updates

[dependabot]

Bumps the patch-updates group with 13 updates in the / directory:

Package	From	To
aiohappyeyeballs	2.6.1	2.6.2
charset-normalizer	3.4.4	3.4.7
einops	0.8.1	0.8.2
faster-whisper	1.2.0	1.2.1
joblib	1.5.2	1.5.3
julius	0.2.7	0.2.8
lightning-utilities	0.15.2	0.15.3
mako	1.3.10	1.3.12
matplotlib	3.10.7	3.10.9
multidict	6.7.0	6.7.1
pyannote-audio	4.0.1	4.0.4
pyannote-database	6.1.0	6.1.1
sqlalchemy	2.0.44	2.0.50

Updates aiohappyeyeballs from 2.6.1 to 2.6.2

Release notes

Sourced from aiohappyeyeballs's releases.

v2.6.2 (2026-05-20)

Bug Fixes

• Clear error on empty addr_infos in start_connection (#222, 55dd76a)

Refactoring

• Optimize obtaining event-loop down to 1 line (#185, 02a7029)

Testing

• Stop verify_no_lingering_tasks from leaking an event loop (#221, ce43beb)

---

Detailed Changes: v2.6.1...v2.6.2

Changelog

Sourced from aiohappyeyeballs's changelog.

v2.6.2 (2026-05-20)

Bug fixes

• Clear error on empty addr_infos in start_connection (55dd76a)

Testing

• Stop verify_no_lingering_tasks from leaking an event loop (ce43beb)

Refactoring

• Optimize obtaining event-loop down to 1 line (02a7029)

Commits

• d779d62 2.6.2
• 55dd76a fix: clear error on empty addr_infos in start_connection (#222)
• ce43beb test: stop verify_no_lingering_tasks from leaking an event loop (#221)
• 184079b chore(deps-ci): bump the github-actions group across 1 directory with 7 updat...
• d9b0fa6 chore(deps-dev): bump requests from 2.32.4 to 2.33.0 (#219)
• 09dcc92 chore(deps-dev): bump urllib3 from 2.5.0 to 2.7.0 (#220)
• a0a313a chore(deps-dev): bump cryptography from 43.0.3 to 46.0.7 (#216)
• b5dec0c ci: replace per-commit conventional commits check with pr title check (#218)
• 363b722 chore(pre-commit.ci): pre-commit autoupdate (#202)
• cc07391 chore: drop Python 3.9 support (#215)
• Additional commits viewable in compare view

Updates charset-normalizer from 3.4.4 to 3.4.7

Release notes

Sourced from charset-normalizer's releases.

Version 3.4.7

3.4.7 (2026-04-02)

Changed

• Pre-built optimized version using mypy[c] v1.20.
• Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

• Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

Version 3.4.6

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

Version 3.4.5

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

[!WARNING]
mypyc changed the usual binary output for the optimized wheel. Beware, especially if using PyInstaller or alike. See jawah/charset_normalizer#714

Changelog

Sourced from charset-normalizer's changelog.

3.4.7 (2026-04-02)

Changed

• Pre-built optimized version using mypy[c] v1.20.
• Relax setuptools constraint to setuptools>=68,<82.1.

Fixed

• Correctly remove SIG remnant in utf-7 decoded string. (#718) (#716)

3.4.6 (2026-03-15)

Changed

• Flattened the logic in charset_normalizer.md for higher performance. Removed eligible(..) and feed(...) in favor of feed_info(...).
• Raised upper bound for mypy[c] to 1.20, for our optimized version.
• Updated UNICODE_RANGES_COMBINED using Unicode blocks v17.

Fixed

• Edge case where noise difference between two candidates can be almost insignificant. (#672)
• CLI --normalize writing to wrong path when passing multiple files in. (#702)

Misc

• Freethreaded pre-built wheels now shipped in PyPI starting with 3.14t. (#616)

3.4.5 (2026-03-06)

Changed

• Update setuptools constraint to setuptools>=68,<=82.
• Raised upper bound of mypyc for the optional pre-built extension to v1.19.1

Fixed

• Add explicit link to lib math in our optimized build. (#692)
• Logger level not restored correctly for empty byte sequences. (#701)
• TypeError when passing bytearray to from_bytes. (#703)

Misc

• Applied safe micro-optimizations in both our noise detector and language detector.
• Rewrote the query_yes_no function (inside CLI) to avoid using ambiguous licensed code.
• Added cd.py submodule into mypyc optional compilation to reduce further the performance impact.

Commits

• 0f07891 Merge pull request #729 from jawah/release-3.4.7
• fdbeb29 chore: update dev, and ci requirements
• b66f922 chore: add ft classifier
• f94249d chore: add test cases for utf_7 recent fix
• 95c866f chore: bump version to 3.4.7
• 4f429bb chore: bump mypy pre-commit to v1.20
• b579cd6 fix: correctly remove SIG remnant in utf-7 decoded string
• 58bf944 ⬆️ Bump github/codeql-action from 4.32.4 to 4.35.1 (#728)
• 44cf8a1 ⬆️ Bump actions/download-artifact from 8.0.0 to 8.0.1 (#726)
• 362bc20 ⬆️ Bump docker/setup-qemu-action from 3.7.0 to 4.0.0 (#725)
• Additional commits viewable in compare view

Updates einops from 0.8.1 to 0.8.2

Commits

• 8e911db update testing (#395)
• 3cdcbd5 add mlx backend (#376)
• 5197457 Skip allow_in_graph if torch >= 2.8 (#394)
• 3bd7454 switch off debug importing (#393)
• ab3f630 Patch #391 (conflicts in multithreading initialization) (#392)
• 43a12ee A bit more of compile tests (#390)
• 71b3b23 mention ein color and AF3 (#389)
• 361b11e add einops.jl and einops for R in docs_src/pages/projects.md (#383)
• b131c81 Extend tests for torch.compile (#382)
• 5dac404 mention cubed as one more backend (#375)
• Additional commits viewable in compare view

Updates faster-whisper from 1.2.0 to 1.2.1

Release notes

Sourced from faster-whisper's releases.

faster-whisper 1.2.1

What's Changed

• only merge when clip_timestamps are not provided by @​MahmoudAshraf97 in SYSTRAN/faster-whisper#1345
• Fix: Prevent <|nocaptions|> tokens in BatchedInferencePipeline by @​mmichelli in SYSTRAN/faster-whisper#1338
• Upgrade to Silero-VAD V6 by @​MahmoudAshraf97 and @​sssshhhhhh in SYSTRAN/faster-whisper#1373
• Offload retry logic to hf hub by @​MahmoudAshraf97 in SYSTRAN/faster-whisper#1382
• Refinements for clip timestamps in batched inference by @​MahmoudAshraf97 in SYSTRAN/faster-whisper#1376

New Contributors

• @​mmichelli made their first contribution in SYSTRAN/faster-whisper#1338
• @​sssshhhhhh made their first contribution in SYSTRAN/faster-whisper#1365

Full Changelog: SYSTRAN/faster-whisper@v1.2.0...v1.2.1

Commits

• 65882ee Bump version to 1.2.1
• 409a691 Prevent timestamps restoration when clip timestamps are provided in batched i...
• 00a5b26 Offload retry logic to hf hub (#1382)
• 9090997 Fix a typo (#1377)
• dea24cb Upgrade to Silero-VAD V6 (#1373)
• 14ba105 Fix: add \<|nocaptions|> to suppressed tokens (#1338)
• c26d609 only merge when clip_timestamps are not provided (#1345)
• 4bd98d5 Update README.md to include whisper-fastapi (#1325)
• See full diff in compare view

Updates joblib from 1.5.2 to 1.5.3

Changelog

Sourced from joblib's changelog.

Release 1.5.3 - 2025/12/15

• The Memory object won't overwrite an already existing .gitignore file in its cache directory anymore. joblib/joblib#1742

• Harden the safety checks in eval_expr(pre_dispatch) to prevent excessive memory allocation and potential crashes by limiting the allowed length of the expression and the maximum numeric value of sub-expressions and not evaluating expressions with non-numeric literals. joblib/joblib#1744

• Vendor cloudpickle 3.1.2 to fix a pickling problem with interactively defined abstract base classes and type annotations in Python 3.14+.

Commits

• 40cd002 RELEASE 1.5.3 (#1765)
• f05be67 MNT Remove last usage of distutils (#1760)
• 4273f39 MNT bump actions/checkout from 5 to 6 in the github-actions group (#1762)
• f465f02 FIX don't overwrite existing .gitignore (#1742)
• cca7d87 MNT bump sklearn test on python 3.12 (#1759)
• f7775ad MNT remove deprecated pytest feature (#1757)
• 3c58aab Add Python 3.14 and 3.14t to the testing (#1747)
• 9b96664 Bump cloudpickle to 3.1.2 (#1752)
• c3bdbd9 Bump the github-actions group with 5 updates (#1749)
• a09bb30 Keep GitHub Actions up to date with GitHub's Dependabot (#1748)
• Additional commits viewable in compare view

Updates julius from 0.2.7 to 0.2.8

Commits

• See full diff in compare view

Updates lightning-utilities from 0.15.2 to 0.15.3

Release notes

Sourced from lightning-utilities's releases.

Release v0.15.3

What's Changed

Added

• Added support for Python 3.14 (#464)
• Added AGENTS.md (#428)
• feat: specify standalone port (#447)
• chore(ci): add python version to build matrix (#465)

Changed

• Dropped support for Python 3.9, now requires Python >=3.10 (#463)
• feat: upgrade GitHub Actions/workflows to uv (#453)
• Replace deprecated macOS 13 runner (#446)
• Use maintained fork for markdown link check workflow (#445)
• Update documentation (#430)
• setuptools is removed as a core requirement (#461)
• Bump version from 0.15.2 to 0.15.3 (#474)

Fixed

• Fixed compare_version if runtime error (#427)
• Remove deprecated pkg_resources usage for setuptools >= 82 compatibility (#473)

GitHub Actions

• build(deps): bump actions/download-artifact from 4 to 5 by @​dependabot[bot] in Lightning-AI/utilities#426
• build(deps): bump actions/checkout from 4 to 5 by @​dependabot[bot] in Lightning-AI/utilities#425
• build(deps): bump codecov/codecov-action from 5.4.3 to 5.5.0 by @​dependabot[bot] in Lightning-AI/utilities#429
• build(deps): bump actions/labeler from 5 to 6 by @​dependabot[bot] in Lightning-AI/utilities#434
• build(deps): bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 by @​dependabot[bot] in Lightning-AI/utilities#435
• build(deps): bump codecov/codecov-action from 5.5.0 to 5.5.1 by @​dependabot[bot] in Lightning-AI/utilities#436
• build(deps): bump actions/setup-python from 5 to 6 by @​dependabot[bot] in Lightning-AI/utilities#437
• build(deps): bump actions/download-artifact from 5 to 6 by @​dependabot[bot] in Lightning-AI/utilities#444
• build(deps): bump actions/upload-artifact from 4 to 5 by @​dependabot[bot] in Lightning-AI/utilities#443
• build(deps): bump actions/checkout from 5 to 6 by @​dependabot[bot] in Lightning-AI/utilities#450
• build(deps): bump actions/download-artifact from 6 to 7 by @​dependabot[bot] in Lightning-AI/utilities#455
• build(deps): bump codecov/codecov-action from 5.5.1 to 5.5.2 by @​dependabot[bot] in Lightning-AI/utilities#456
• build(deps): bump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.6 by @​dependabot[bot] in Lightning-AI/utilities#457
• build(deps): bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in Lightning-AI/utilities#458
• build(deps): bump actions/cache from 4 to 5 by @​dependabot[bot] in Lightning-AI/utilities#466
• build(deps): bump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 by @​dependabot[bot] in Lightning-AI/utilities#467

Python Dependencies

• build(deps): bump pytest-cov from 6.2.1 to 6.3.0 in /requirements by @​dependabot[bot] in Lightning-AI/utilities#432
• build(deps): update twine requirement from ==6.1.* to ==6.2.* in /requirements by @​dependabot[bot] in Lightning-AI/utilities#433
• build(deps): bump pytest-cov from 6.3.0 to 7.0.0 in /requirements by @​dependabot[bot] in Lightning-AI/utilities#438

... (truncated)

Changelog

Sourced from lightning-utilities's changelog.

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

---

[UnReleased] - 2026-MM-DD

Added

• Added support for Python 3.14 (#464)

Changed

• Dropped support for Python 3.9, now requires Python >=3.10 (#463)

Fixed

• Fixed compare_version if runtime error (#427)
• Remove deprecated pkg_resources usage for setuptools >= 82 compatibility (#473)

---

Commits

• 86fe1b2 Bump version from 0.15.2 to 0.15.3 (#474)
• 196f271 Remove deprecated pkg_resources usage for setuptools >= 82 compatibility ...
• 0701f88 [pre-commit.ci] pre-commit suggestions (#471)
• f7ebc90 build(deps): update setuptools requirement from ==80.9.* to ==80.10.* in /req...
• 516e001 build(deps): bump packaging from 25.0 to 26.0 in /requirements (#470)
• 33b58bc build(deps): update wheel requirement from ==0.45.* to ==0.46.* in /requireme...
• 70eca8f Adds support for Python 3.14 (#464)
• 06dd5f1 build(deps): bump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 (#...
• bbdcf8c build(deps): bump actions/cache from 4 to 5 (#466)
• ae8c5ef [pre-commit.ci] pre-commit suggestions (#440)
• Additional commits viewable in compare view

Updates mako from 1.3.10 to 1.3.12

Release notes

Sourced from mako's releases.

1.3.12

Released: Tue Apr 28 2026

bug

• [bug] [template] Fixed issue in TemplateLookup where a URI with backslash path separators (e.g. \..\secret.txt) could bypass the directory traversal check on Windows, allowing reads of arbitrary files outside of the template directory. Backslash characters in URIs are now normalized to forward slashes before path resolution.

  References: #435

1.3.11

Released: Tue Apr 14 2026

bug

• [bug] [template] Fixed issue in TemplateLookup where a URI with a double-slash prefix (e.g. //../../) could bypass the directory traversal check in Template, allowing reads of arbitrary files outside of the template directory. The issue was caused by an inconsistency in how leading slashes were stripped between TemplateLookup.get_template() and Template initialization.

  References: #434

Commits

• See full diff in compare view

Updates matplotlib from 3.10.7 to 3.10.9

Release notes

Sourced from matplotlib's releases.

v3.10.9

This is a micro release of the v3.10.x series. Highlights of this release include:

• Various minor bug and doc fixes
• Security hardening validation of cyclers - Removing eval usage
• Security hardening in Latex and PS calls - Removing shell escapes

REL: v3.10.8

This is a bugfix release in the 3.10.x series.

The primary highlights of this release are:

• Properly allow freethreaded mode in the MacOS backend
• Better error handling for MacOS backend

Commits

• dd8d78b REL: v3.10.9
• 2fb1891 REL: Release prep v3.10.9
• d0e923a Merge branch 'v3.10.8-doc' into v3.10.x
• 1637932 Merge pull request #31558 from meeseeksmachine/auto-backport-of-pr-31556-on-v...
• a83faac Backport PR #31556: FIX: Inverted PyErr_Occurred check in enum type caster (_...
• a4f57ab Merge pull request #31545 from ksunden/backport-of-pr-31282-on-v3.10.x
• 063288d Merge pull request #31544 from ksunden/backport-of-pr-31248-on-v3.10.x
• b2ed196 Backport PR #31248: SEC: Remove eval() from validate_cycler
• acc6024 Merge pull request #31282 from scottshambaugh/tex_no_shell
• e3fb541 Merge pull request #31078 from meeseeksmachine/auto-backport-of-pr-31075-on-v...
• Additional commits viewable in compare view

Updates multidict from 6.7.0 to 6.7.1

Release notes

Sourced from multidict's releases.

6.7.1

Bug fixes

• Fixed slow memory leak caused by identity by adding Py_DECREF to identity value before leaving md_pop_one on success -- by :user:Vizonex.

  Related issues and pull requests on GitHub: #1284.

---

Changelog

Sourced from multidict's changelog.

6.7.1

(2026-01-25)

Bug fixes

• Fixed slow memory leak caused by identity by adding Py_DECREF to identity value before leaving md_pop_one on success -- by :user:Vizonex.

  Related issues and pull requests on GitHub: :issue:1284.

---

Commits

• 39d3c32 Release 6.7.1 (#1289)
• 77bb95e Fix memory leak caused by identity when default value is inplace (#1284)
• 87dd4a4 Bump dependabot/fetch-metadata from 2.4.0 to 2.5.0 (#1287)
• 6c76412 Bump actions/cache from 4 to 5 (#1275)
• b91a033 Bump actions/upload-artifact from 4 to 6 (#1277)
• 84bf82c Bump psutil from 7.1.3 to 7.2.1 (#1279)
• 3f7b3ce Bump pypa/cibuildwheel from 3.3.0 to 3.3.1 (#1280)
• bbae902 Bump sigstore/gh-action-sigstore-python from 3.1.0 to 3.2.0 (#1274)
• 000b5b0 Remove follow_untyped_imports for mypy-sphinx (#1286)
• 3d2d630 Bump actions/download-artifact from 6 to 7 (#1276)
• Additional commits viewable in compare view

Updates pyannote-audio from 4.0.1 to 4.0.4

Release notes

Sourced from pyannote-audio's releases.

4.0.4

No release notes provided.

Version 4.0.3

• feat(cli): add --revision option to most CLI commands
• feat(util): add Calibration.safe_transform method (supports NaNs as well as any shape)
• fix(model): fix Model.from_pretrained to support lightning 2.6+
• setup: update pyannote-database dependency to 6.1+

Version 4.0.2

What's Changed

• BREAKING(util): make Binarize.__call__ return string tracks (instead of int) @​benniekiss
• fix(torch): pin torch, torchcodec, and torchaudio versions to avoid segmentation fault
• fix(pyannoteAI): update pyannoteAI wrapper to return both regular and exclusive diarization
• feat(pipeline): add Pipeline.cuda() convenience method @​tkanarsky
• feat(pipeline): add preload option to base Pipeline.__call__ to force preloading audio in memory (@​antoinelaurent)
• feat(cli): add option to apply pipeline on a directory of audio files
• improve(util): make permutate faster thanks to vectorized cost function

New Contributors

• @​tkanarsky made their first contribution in pyannote/pyannote-audio#1950

Full Changelog: pyannote/pyannote-audio@4.0.1...4.0.2

Changelog

Sourced from pyannote-audio's changelog.

Version 4.0.4 (2026-02-07)

• feat(sample): add transcription of sample file
• setup: relax torch dependencies constraints
• fix(pipeline): fix HF authentication for Speechbrain speaker embedding @​krisoye

Version 4.0.3 (2025-12-07)

• feat(cli): add --revision option to most CLI commands
• feat(util): add Calibration.safe_transform method (supports NaNs as well as any shape)
• fix(model): fix Model.from_pretrained to support lightning 2.6+
• setup: update pyannote-database dependency to 6.1+

Version 4.0.2 (2025-11-19)

• BREAKING(util): make Binarize.__call__ return string tracks (instead of int) @​benniekiss
• fix(torch): pin torch, torchcodec, and torchaudio versions to avoid segmentation fault
• fix(pyannoteAI): update pyannoteAI wrapper to return both regular and exclusive diarization
• feat(pipeline): add Pipeline.cuda() convenience method @​tkanarsky
• feat(pipeline): add preload option to base Pipeline.__call__ to force preloading audio in memory (@​antoinelaurent)
• feat(cli): add option to apply pipeline on a directory of audio files
• improve(util): make permutate faster thanks to vectorized cost function

Commits

• See full diff in compare view

Updates pyannote-database from 6.1.0 to 6.1.1

Commits

• See full diff in compare view

Updates sqlalchemy from 2.0.44 to 2.0.50

Release notes

Sourced from sqlalchemy's releases.

2.0.50

Released: May 24, 2026

orm

• [orm] [bug] Fixed issue where using _orm.joinedload() with PropComparator.of_type() targeting a joined-table subclass combined with PropComparator.and_() referencing a column on that subclass would generate invalid SQL, where the subclass column was not adapted to the subquery alias. Pull request courtesy Joaquin Hui Gomez.

  References: #13203

• [orm] [bug] Fixed issue where the presence of a SessionEvents.do_orm_execute() event hook would cause internal execution options such as yield_per and loader-specific state from the first orm_pre_session_exec pass to leak into the second pass, leading to errors when using relationship loaders such as selectinload() and immediateload(). The execution options passed to the second compilation pass are now based on the original options plus only the explicit updates made via ORMExecuteState.update_execution_options() within the event hook.

  References: #13301

• [orm] [bug] Fixed issue where using _orm.with_polymorphic() on a leaf class (a subclass with no further descendants) or a non-inherited class would fail with an AttributeError when used in an ORM statement, due to _orm.configure_mappers() not being triggered implicitly. The fix ensures that AliasedInsp participates in the _post_inspect hook, triggering mapper configuration during ORM statement compilation.

  References: #13319

sql

• [sql] [bug] Fixed issue where floor division (//) between a Float or Numeric numerator and an Integer denominator would omit the FLOOR() SQL wrapper on dialects where Dialect.div_is_floordiv is True (the default, including PostgreSQL and SQLite). FLOOR() is now applied if either the denominator or the numerator is a non-integer, so that expressions such as float_col // int_col render as FLOOR(float_col / int_col) instead of the incorrect float_col / int_col. Pull request courtesy r266-tech.

  References: #10528

postgresql

... (truncated)

Commits

• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.