chore(deps): bump the python group across 2 directories with 6 updates

[dependabot]

Bumps the python group with 5 updates in the /global-images/datascience directory:

Package	From	To
pandas	2.3.3	3.0.2
numpy	2.4.0	2.4.4
scipy	1.16.3	1.17.1
plotly	6.5.0	6.6.0
transformers	4.57.3	5.4.0

Bumps the python group with 1 update in the /scripts/init-realm directory: python-keycloak.

Updates pandas from 2.3.3 to 3.0.2

Release notes

Sourced from pandas's releases.

pandas 3.0.2

We are pleased to announce the release of pandas 3.0.2. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.1

We are pleased to announce the release of pandas 3.0.1. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

pandas 3.0.0

We are pleased to announce the release of pandas 3.0.0, a major release from the pandas 2.x series. This release includes various new features, bug fixes, and performance improvements, as well as possible breaking changes.

The pandas 3.0 release removed a functionality that was deprecated in previous releases. It is recommended to first upgrade to pandas 2.3 and to ensure your code is working without warnings, before upgrading to pandas 3.0.

Highlights include:

• Dedicated string data type by default
• Consistent copy/view behaviour with Copy-on-Write (CoW) (a.k.a. getting rid of the SettingWithCopyWarning)
• New default resolution for datetime-like data
• Initial support for the new pd.col syntax

... (truncated)

Commits

• ab90747 RLS: 3.0.2 (#64934)
• 6f27013 Backport PR #64931 on branch 3.0.x (DOC/BLD: temporary disable upload of docs...
• 48ddc60 Backport PR #64664 on branch 3.0.x (BUG: DataFrame.sum() crashes on empty Dat...
• 8774488 [backport 3.0.x] PERF: fix slow python loop in validation for ArrowStringArra...
• 33af6cc Backport PR #64133 on branch 3.0.x (BUG: str.find returns byte offset instead...
• 4ef49d8 [backport 3.0.x] BUG: fix convert_dtypes dropping values from sliced mixed-dt...
• 0668f34 [backport 3.0.x] BUG: Fix HDFStore.put with StringDtype columns and compressi...
• 23f2f44 [backport 3.0.x] BUG: Suppress unnecessary RuntimeWarning in to_datetime with...
• 83ba804 Backport PR #64886: BUG: Compute Variance of Complex Numbers Correctly (#64892)
• bb5ca1a Backport PR #64386 on branch 3.0.x (BUG: fix sort_index AssertionError with R...
• Additional commits viewable in compare view

Updates numpy from 2.4.0 to 2.4.4

Release notes

Sourced from numpy's releases.

2.4.4 (Mar 29, 2026)

NumPy 2.4.4 Release Notes

The NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3 release. It should finally close issue #30816, the OpenBLAS threading problem on ARM.

This release supports Python versions 3.11-3.14

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Charles Harris
• Daniel Haag +
• Denis Prokopenko +
• Harshith J +
• Koki Watanabe
• Marten van Kerkwijk
• Matti Picus
• Nathan Goldbaum

Pull requests merged

A total of 7 pull requests were merged for this release.

• #30978: MAINT: Prepare 2.4.x for further development
• #31049: BUG: Add test to reproduce problem described in #30816 (#30818)
• #31052: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (#31035)
• #31053: BUG: avoid warning on ufunc with where=True and no output
• #31058: DOC: document caveats of ndarray.resize on 3.14 and newer
• #31079: TST: fix POWER VSX feature mapping (#30801)
• #31084: MAINT: numpy.i: Replace deprecated sprintf with snprintf...

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

The NumPy 2.4.3 is a patch release that fixes bugs discovered after the 2.4.2 release. The most user visible fix may be a threading fix for OpenBLAS on ARM, closing issue #30816.

This release supports Python versions 3.11-3.14

Contributors

A total of 11 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Antareep Sarkar +

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

• Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Commits

• be93fe2 Merge pull request #31090 from charris/prepare-2.4.4
• f5245dc REL: Prepare for the NumPy 2.4.4 release
• 02e838b Merge pull request #31084 from charris/backport-31056
• fa74b2d MAINT: numpy.i: Replace deprecated sprintf with snprintf (#31056)
• 533a6db Merge pull request #31079 from charris/backport-20801
• 9e496cb TST: fix POWER VSX feature mapping (#30801)
• 8052c4b Merge pull request #31058 from charris/backport-31021
• 7f13b5a MAINT: Skip test on PyPy.
• 4c5fdd6 MAINT: Remove unused import of tracemalloc.
• a3ca5ed Update numpy/_core/src/multiarray/shape.c
• Additional commits viewable in compare view

Updates scipy from 1.16.3 to 1.17.1

Release notes

Sourced from scipy's releases.

SciPy 1.17.1 Release Notes

SciPy 1.17.1 is a bug-fix release with no new features compared to 1.17.0.

Authors

• Name (commits)
• Evgeni Burovski (5)
• Lucas Colley (1)
• Christoph Gohlke (1)
• Ralf Gommers (6)
• Matt Haberland (5)
• Matthias Koeppe (1)
• Nick ODell (1)
• Ilhan Polat (10)
• Tyler Reddy (44)
• Martin Schuck (3)
• Dan Schult (3)
• stratakis (1) +
• ਗਗਨਦੀਪ ਸਿੰਘ (Gagandeep Singh) (1)

A total of 13 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

Complete issue list, PR list, and release asset hashes are available in the associated README.txt.

SciPy 1.17.0 Release Notes

SciPy 1.17.0 is the culmination of 6 months of hard work. It contains many new features, numerous bug-fixes, improved test coverage and better documentation. There have been a number of deprecations and API changes in this release, which are documented below. All users are encouraged to upgrade to this release, as there are a large number of bug-fixes and optimizations. Before upgrading, we recommend that users check that their own code does not use deprecated SciPy functionality (to do so, run your code with python -Wd and check for DeprecationWarning s). Our development attention will now shift to bug-fix releases on the 1.17.x branch, and on adding new features on the main branch.

This release requires Python 3.11-3.14 and NumPy 1.26.4 or greater.

Highlights of this release

• Many SciPy functions have gained native support for batching of N-dimensional array input and additional support for the array API standard. An overall

... (truncated)

Commits

• 527eb7f REL: 1.17.1 release commit [wheel build]
• f11663b Merge pull request #24584 from tylerjereddy/treddy_prep_1.17.1
• 2c49e68 DOC: PR 24584 revisions
• 400fa15 safely convert index dtypes to intc for csgraph and superLU
• 8c70404 MAINT: PR 24584 revisions [wheel build]
• 6dda8c1 BUG: PR 24584 revisions
• 4a187e5 DOC: PR 24584 revisions
• 463ee9f ENH: linalg/inv: re-enable overwrite_a for 2D inputs (#24442)
• df746ee BUG: linalg: restore dtypes in inv, solve, det
• 246bfee MAINT:optimize: Enable multi-phase init to DIRECT
• Additional commits viewable in compare view

Updates plotly from 6.5.0 to 6.6.0

Release notes

Sourced from plotly's releases.

v6.6.0

Fixed

• Remove unneeded type="text/javascript" attribute from <style> tag [#5454], with thanks to @​hannob for the contribution!
• Remove global warning format side effect [#5481], with thanks to @​emmanuel-ferdman for the contribution!
• Fix spurious engine deprecation warning in write_image [#5517], with thanks to @​mosh3eb for the contribution!

Updated

• Update plotly.js from version 3.3.1 to version 3.4.0. See the plotly.js release notes for more information. [#5527]. Notable changes include:
  • Add support for clicking legend titles to toggle visibility of all traces in legend [#7698]
  • Add support for shapes to reference multiple axes [#7666]
  • Add support for dashed marker lines in scatter plots [#7673]
  • Increase axis autorange when bar charts have outside text labels, to avoid labels being clipped [#7675]

Full Changelog: plotly/plotly.py@v6.5.2...v6.6.0

v6.5.2

Fixed

• Fix issue where pie trace legend, showlegend attributes don't accept array values [#5464 and #5465], with thanks to @​my-tien for the contribution!

v6.5.1

Fixed

• Fix issue where Plotly Express ignored trace-specific color sequences defined in templates via template.data.<trace_type> [#5437], with thanks to @​antonymilne for the contribution!

Updated

• Speed up validate_gantt function [#5386], with thanks to @​misrasaurabh1 for the contribution!
• Update plotly.js from version 3.3.0 to version 3.3.1. See the plotly.js release notes for more information. [#5456]. Notable changes include:
  • Add support for arrays for the pie properties showlegend and legend, so that these can be configured per slice. [#7580]

Changelog

Sourced from plotly's changelog.

[6.6.0] - 2026-03-02

Fixed

• Remove unneeded type="text/javascript" attribute from <style> tag [#5454], with thanks to @​hannob for the contribution!
• Remove global warning format side effect [#5481], with thanks to @​emmanuel-ferdman for the contribution!
• Fix spurious engine deprecation warning in write_image [#5517], with thanks to @​mosh3eb for the contribution!

Updated

• Update plotly.js from version 3.3.1 to version 3.4.0. See the plotly.js release notes for more information. [#5527]. Notable changes include:
  • Add support for clicking legend titles to toggle visibility of all traces in legend [#7698]
  • Add support for shapes to reference multiple axes [#7666]
  • Add support for dashed marker lines in scatter plots [#7673]
  • Increase axis autorange when bar charts have outside text labels, to avoid labels being clipped [#7675]

[6.5.2] - 2026-01-14

Fixed

• Fix issue where pie trace legend, showlegend attributes don't accept array values [#5464 and #5465], with thanks to @​my-tien for the contribution!

[6.5.1] - 2026-01-07

Fixed

• Fix issue where Plotly Express ignored trace-specific color sequences defined in templates via template.data.<trace_type> [#5437], with thanks to @​antonymilne for the contribution!

Updated

• Speed up validate_gantt function [#5386], with thanks to @​misrasaurabh1 for the contribution!
• Update plotly.js from version 3.3.0 to version 3.3.1. See the plotly.js release notes for more information. [#5456]. Notable changes include:
  • Add support for arrays for the pie properties showlegend and legend, so that these can be configured per slice. [#7580]

Commits

• 837d27e changes for v6.6.0
• e0278b3 update changelog
• bb783da Merge pull request #5516 from plotly/new-charts
• 5aabff0 Merge branch 'main' into new-charts
• 03fd2ed Merge pull request #5527 from plotly/update-plotlyjs-3.4.0
• aee4c33 update changelog
• 46a8aa2 update js artifacts
• 7dc360c update package-lock
• cf1b9ae upgrade plotly.js to v3.4.0
• a4832a8 Merge branch 'main' into new-charts
• Additional commits viewable in compare view

Updates transformers from 4.57.3 to 5.4.0

Release notes

Sourced from transformers's releases.

Release v5.4.0: PaddlePaddle models 🙌, Mistral 4, PI0, VidEoMT, UVDoc, SLANeXt, Jina Embeddings v3

New Model additions

VidEoMT

Video Encoder-only Mask Transformer (VidEoMT) is a lightweight encoder-only model for online video segmentation built on a plain Vision Transformer (ViT). It eliminates the need for dedicated tracking modules by introducing a lightweight query propagation mechanism that carries information across frames and employs a query fusion strategy that combines propagated queries with temporally-agnostic learned queries. VidEoMT achieves competitive accuracy while being 5x-10x faster than existing approaches, running at up to 160 FPS with a ViT-L backbone.

Links: Documentation | Paper

• Add VidEoMT (#44285) by @​NielsRogge in #44285

UVDoc

UVDoc is a machine learning model designed for document image rectification and correction. The main purpose of this model is to carry out geometric transformation on images to correct document distortion, inclination, perspective deformation and other problems in document images. It provides both single input and batched inference capabilities for processing distorted document images.

Links: Documentation

• [Model] Add UVDoc Model Support (#43385) by @​XingweiDeng in #43385

Jina Embeddings v3

The Jina-Embeddings-v3 is a multilingual, multi-task text embedding model designed for a variety of NLP applications. Based on the XLM-RoBERTa architecture, this model supports Rotary Position Embeddings (RoPE) replacing absolute position embeddings to support long input sequences up to 8192 tokens. Additionally, it features 5 built-in Task-Specific LoRA Adapters that allow the model to generate task-specific embeddings (e.g., for retrieval vs. classification) without increasing inference latency significantly.

Links: Documentation | Paper

• Add Jina-Embeddings-V3 Model (#44251) by @​Sai-Suraj-27 in #44251

Mistral4

Mistral 4 is a powerful hybrid model with the capability of acting as both a general instruction model and a reasoning model. It unifies the capabilities of three different model families - Instruct, Reasoning (previously called Magistral), and Devstral - into a single, unified model. The model features a MoE architecture with 128 experts and 4 active, 119B parameters with 6.5B activated per token, 256k context length, and supports multimodal input with both text and image processing capabilities.

Links: Documentation

• Add Mistral 4 (#44760) by @​juliendenize in #44760

PI0

PI0 is a vision-language-action model for robotics manipulation that jointly processes visual observations and language instructions to generate robot actions. It uses a novel flow matching architecture built on top of a pre-trained vision-language model to inherit Internet-scale semantic knowledge. The model can perform complex dexterous tasks like laundry folding, table cleaning, and assembling boxes across multiple robot platforms including single-arm robots, dual-arm robots, and mobile manipulators.

Links: Documentation | Paper

• Add model lerobot PI0 to transformers (#44160) by @​molbap in #44160

SLANeXt

SLANeXt is a series of dedicated lightweight models for table structure recognition, focusing on accurately recognizing table structures in documents and natural scenes. The SLANeXt series is a new generation of table structure recognition models independently developed by the Baidu PaddlePaddle Vision Team, with dedicated weights trained separately for wired and wireless tables. The recognition ability for all types of tables has been significantly improved, especially for wired tables.

... (truncated)

Commits

• 276f140 v5.4.0
• 16d437e fix: protect torch imports in processing files and fix import guards
• 97b7727 Fix release full (#45029)
• 78bdaf0 Add cohere asr (#45023)
• e895107 docs: add PermuteForRope to conversion operations reverse table (#45035)
• 67100cc [CB] Persistent manager (#44435)
• 69f9d55 Add BC for _further_process_kwargs (#45033)
• e3f7cc3 Use multi runners to check new failing tests in a CI run (#45032)
• 882ffdb [fix] Use the correct _tied_weights_keys for CamembertForCausalLM (#45031)
• d81ad48 change dev ver. we forgot to do this when we released 5.3.0
• Additional commits viewable in compare view

Updates python-keycloak from 5.8.0 to 7.1.1

Changelog

Sourced from python-keycloak's changelog.

v7.1.1 (2026-02-15)

Fix

• uma: set requested resource ids correctly in permission ticket creation (#702)

v7.1.0 (2026-02-13)

Feat

• decode token with all keys, added get client certificate info method (#704)

v7.0.3 (2026-01-28)

Fix

• do not throw when processing signed userinfo response (#699)

v7.0.2 (2026-01-08)

Fix

• Fix/python version and ci (#691)

v7.0.1 (2026-01-05)

Fix

• python version

v7.0.0 (2026-01-04)

BREAKING CHANGE

• this change introduces a very strong typing across the library. From now on, we demand that each method returns a single type and converts the results into the specified return type, otherwise it raises a TypeError exception. This should resolve any type checking linter errors within the library as well.

Fix

• updated lockfile
• pass along the default connection manager configuration into uma
• dont override transport for httpx
• pass query params in get groups
• removed async property as a dependency
• strong and consistent typing across the library

v6.0.0 (2025-12-28)

BREAKING CHANGE

• changes the behavior of get_group_by_path to raise an exception in case the path is not found, which is now the definitive new behavior

... (truncated)

Commits

• de25a9c fix(uma): set requested resource ids correctly in permission ticket creation ...
• 9720e2d docs: changelog update
• 98b9b24 feat: decode token with all keys, added get client certificate info method (#...
• f5333a0 docs: changelog update
• ce07157 fix: do not throw when processing signed userinfo response (#699)
• 6580ac6 chore: updated deps
• 2f6beb3 chore(typehints): fixup typehints for role parameter for add composites (#697)
• 7e8184d chore: typehints (#696)
• 5e3ee8d docs: changelog update
• 8eca957 fix: Fix/python version and ci (#691)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

/deploy

[RenkuBot]

You can access the deployment of this PR at https://ci-renku-4421.dev.renku.ch

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.