chore(wren-ai-service): bump the all group across 1 directory with 42 updates

[dependabot]

Bumps the all group with 42 updates in the /wren-ai-service directory:

Package	From	To
fastapi	0.121.1	0.135.2
uvicorn	0.29.0	0.42.0
python-dotenv	1.2.1	1.2.2
haystack-ai	2.7.0	2.26.1
openai	1.109.1	2.30.0
qdrant-haystack	7.0.0	10.3.0
tqdm	4.67.1	4.67.3
numpy	1.26.4	2.4.3
orjson	3.11.5	3.11.7
ollama-haystack	0.0.6	1.1.0
langfuse	2.60.10	4.0.1
ollama	0.2.1	0.6.1
cachetools	5.5.2	6.2.6
pydantic-settings	2.12.0	2.13.1
google-auth	2.43.0	2.49.1
tiktoken	0.8.0	0.12.0
jsonschema	4.25.1	4.26.0
litellm	1.79.3	1.82.6
boto3	1.40.72	1.42.76
qdrant-client	1.17.0	1.17.1
filelock	3.20.3	3.25.2
werkzeug	3.1.5	3.1.7
marshmallow	3.26.2	4.2.3
protobuf	6.33.5	6.33.6
pre-commit	3.8.0	4.5.1
streamlit	1.51.0	1.55.0
watchdog	4.0.2	6.0.0
matplotlib	3.10.7	3.10.8
sseclient-py	1.8.0	1.9.0
dspy-ai	2.6.27	3.1.3
requests	2.32.5	2.33.0
deepeval	3.8.8	3.9.3
tomlkit	0.13.3	0.14.0
nltk	3.9.3	3.9.4
gitpython	3.1.45	3.1.46
plotly	5.24.1	6.6.0
ipykernel	6.31.0	7.2.0
itables	2.5.2	2.7.3
gdown	5.2.0	5.2.1
locust	2.41.6	2.43.3
pytest-cov	6.3.0	7.1.0
pytest-asyncio	0.24.0	1.3.0

Updates fastapi from 0.121.1 to 0.135.2

Release notes

Sourced from fastapi's releases.

0.135.2

Upgrades

• ⬆️ Increase lower bound to pydantic >=2.9.0. and fix the test suite. PR #15139 by @​svlandeg.

Docs

• 📝 Add missing last release notes dates. PR #15202 by @​tiangolo.
• 📝 Update docs for contributors and team members regarding translation PRs. PR #15200 by @​YuriiMotov.
• 💄 Fix code blocks in reference docs overflowing table width. PR #15094 by @​YuriiMotov.
• 📝 Fix duplicated words in docstrings. PR #15116 by @​AhsanSheraz.
• 📝 Add docs for pyproject.toml with entrypoint. PR #15075 by @​tiangolo.
• 📝 Update links in docs to no longer use the classes external-link and internal-link. PR #15061 by @​tiangolo.
• 🔨 Add JS and CSS handling for automatic target=_blank for links in docs. PR #15063 by @​tiangolo.
• 💄 Update styles for internal and external links in new tab. PR #15058 by @​tiangolo.
• 📝 Add documentation for the FastAPI VS Code extension. PR #15008 by @​savannahostrowski.
• 📝 Fix doctrings for max_digits and decimal_places. PR #14944 by @​YuriiMotov.
• 📝 Add dates to release notes. PR #15001 by @​YuriiMotov.

Translations

• 🌐 Update translations for zh (update-outdated). PR #15177 by @​tiangolo.
• 🌐 Update translations for zh-hant (update-outdated). PR #15178 by @​tiangolo.
• 🌐 Update translations for zh-hant (add-missing). PR #15176 by @​tiangolo.
• 🌐 Update translations for zh (add-missing). PR #15175 by @​tiangolo.
• 🌐 Update translations for ja (update-outdated). PR #15171 by @​tiangolo.
• 🌐 Update translations for ko (update-outdated). PR #15170 by @​tiangolo.
• 🌐 Update translations for tr (update-outdated). PR #15172 by @​tiangolo.
• 🌐 Update translations for ko (add-missing). PR #15168 by @​tiangolo.
• 🌐 Update translations for ja (add-missing). PR #15167 by @​tiangolo.
• 🌐 Update translations for tr (add-missing). PR #15169 by @​tiangolo.
• 🌐 Update translations for fr (update-outdated). PR #15165 by @​tiangolo.
• 🌐 Update translations for fr (add-missing). PR #15163 by @​tiangolo.
• 🌐 Update translations for uk (update-outdated). PR #15160 by @​tiangolo.
• 🌐 Update translations for uk (add-missing). PR #15158 by @​tiangolo.
• 🌐 Update translations for pt (add-missing). PR #15157 by @​tiangolo.
• 🌐 Update translations for pt (update-outdated). PR #15159 by @​tiangolo.
• 🌐 Update translations for es (update-outdated). PR #15155 by @​tiangolo.
• 🌐 Update translations for es (add-missing). PR #15154 by @​tiangolo.
• 🌐 Update translations for de (update-outdated). PR #15156 by @​tiangolo.
• 🌐 Update translations for ru (update-and-add). PR #15152 by @​tiangolo.
• 🌐 Update translations for de (add-missing). PR #15153 by @​tiangolo.

Internal

• 🔨 Exclude spam comments from statistics in scripts/people.py. PR #15088 by @​YuriiMotov.
• ⬆ Bump authlib from 1.6.7 to 1.6.9. PR #15128 by @​dependabot[bot].
• ⬆ Bump pyasn1 from 0.6.2 to 0.6.3. PR #15143 by @​dependabot[bot].
• ⬆ Bump ujson from 5.11.0 to 5.12.0. PR #15150 by @​dependabot[bot].
• 🔨 Tweak translation workflow and translation fixer tool. PR #15166 by @​YuriiMotov.

... (truncated)

Commits

• 25a3697 🔖 Release version 0.135.2
• ab125da 📝 Update release notes
• 122b6d4 📝 Add missing last release notes dates (#15202)
• 68ac0ab 📝 Update release notes
• ea6e287 📝 Update docs for contributors and team members regarding translation PRs (#1...
• d0a6f20 📝 Update release notes
• fd9e192 💄 Fix code blocks in reference docs overflowing table width (#15094)
• fce9460 📝 Update release notes
• 0227991 🔨 Exclude spam comments from statistics in scripts/people.py (#15088)
• cbd64b0 📝 Update release notes
• Additional commits viewable in compare view

Updates uvicorn from 0.29.0 to 0.42.0

Release notes

Sourced from uvicorn's releases.

Version 0.42.0

Changed

• Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

• Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• Fix multiple issues in websockets sans-io implementation (#2825)

---

New Contributors

• @​bysiber made their first contribution in Kludex/uvicorn#2825

---

Full Changelog: Kludex/uvicorn@0.41.0...0.42.0

Version 0.41.0

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

---

New Contributors

• @​t-kawasumi made their first contribution in Kludex/uvicorn#2776
• @​fardyn made their first contribution in Kludex/uvicorn#2800
• @​ewie made their first contribution in Kludex/uvicorn#2807
• @​shevron made their first contribution in Kludex/uvicorn#2788
• @​jonashaag made their first contribution in Kludex/uvicorn#2707

---

Full Changelog: Kludex/uvicorn@0.40.0...0.41.0

Version 0.40.0

What's Changed

... (truncated)

Changelog

Sourced from uvicorn's changelog.

0.42.0 (March 16, 2026)

Changed

• Use bytearray for request body accumulation to avoid O(n^2) allocation on fragmented bodies (#2845)

Fixed

• Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• Fix multiple issues in websockets sans-io implementation (#2825)

0.41.0 (February 16, 2026)

Added

• Add --limit-max-requests-jitter to stagger worker restarts (#2707)
• Add socket path to scope["server"] (#2561)

Changed

• Rename LifespanOn.error_occured to error_occurred (#2776)

Fixed

• Ignore permission denied errors in watchfiles reloader (#2817)
• Ensure lifespan shutdown runs when should_exit is set during startup (#2812)
• Reduce the log level of 'request limit exceeded' messages (#2788)

0.40.0 (December 21, 2025)

Remove

• Drop support for Python 3.9 (#2772)

0.39.0 (December 21, 2025)

Fixed

• Send close frame on ASGI return for WebSockets (#2769)
• Explicitly start ASGI run with empty context (#2742)

0.38.0 (October 18, 2025)

Added

• Support Python 3.14 (#2723)

0.37.0 (September 23, 2025)

Added

... (truncated)

Commits

• 02bed6f Version 0.42.0 (#2852)
• d8f2501 chore: pre-create Config objects in benchmarks to measure protocol hot paths ...
• 9dbb783 Add WebSocket protocol benchmarks for wsproto and websockets-sansio (#2849)
• b3c69da Use bytearray for request body accumulation (#2845)
• 3f3ebee Disable pytest-xdist for CodSpeed benchmark runs (#2847)
• d072de7 Add fragmented body benchmark for chunked body accumulation (#2846)
• e300c2c Add CodSpeed benchmark suite for HTTP protocol hot paths (#2844)
• 1fa6976 Escape brackets and backslash in httptools HEADER_RE regex (#2824)
• 59ec1de Fix multiple issues in websockets sansio implementation (#2825)
• 2fc0efc Clarify Windows asyncio event loop selection in docs (#2843)
• Additional commits viewable in compare view

Updates python-dotenv from 1.2.1 to 1.2.2

Release notes

Sourced from python-dotenv's releases.

v1.2.2

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#)

Changed

• The dotenv run command now forwards flags directly to the specified command by @​bbc2 in theskumar/python-dotenv#607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by @​bbc2 in #790c5
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by @​JYOuyang in theskumar/python-dotenv#590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Misc

• skip 000 permission tests for root user by @​burnout-projects in theskumar/python-dotenv#561
• Bump actions/checkout from 5 to 6 in the github-actions group by @​dependabot[bot] in theskumar/python-dotenv#593
• Add Windows testing to CI by @​bbc2 in theskumar/python-dotenv#604
• Improve workflow efficiency with best practices by @​theskumar in theskumar/python-dotenv#609
• Remove the use of sh in tests by @​bbc2 in theskumar/python-dotenv#612

New Contributors

• @​JYOuyang made their first contribution in theskumar/python-dotenv#590
• @​burnout-projects made their first contribution in theskumar/python-dotenv#561
• @​cpackham-atlnz made their first contribution in theskumar/python-dotenv#597

Full Changelog: theskumar/python-dotenv@v1.2.1...v1.2.2

Changelog

Sourced from python-dotenv's changelog.

[1.2.2] - 2026-03-01

Added

• Support for Python 3.14, including the free-threaded (3.14t) build. (#588)

Changed

• The dotenv run command now forwards flags directly to the specified command by [@​bbc2] in #607
• Improved documentation clarity regarding override behavior and the reference page.
• Updated PyPy support to version 3.11.
• Documentation for FIFO file support.
• Dropped Support for Python 3.9.

Fixed

• Improved set_key and unset_key behavior when interacting with symlinks by [@​bbc2] in [790c5c0]
• Corrected the license specifier and added missing Python 3.14 classifiers in package metadata by [@​JYOuyang] in #590

Breaking Changes

• dotenv.set_key and dotenv.unset_key used to follow symlinks in some situations. This is no longer the case. For that behavior to be restored in all cases, follow_symlinks=True should be used.

• In the CLI, set and unset used to follow symlinks in some situations. This is no longer the case.

• dotenv.set_key, dotenv.unset_key and the CLI commands set and unset used to reset the file mode of the modified .env file to 0o600 in some situations. This is no longer the case: The original mode of the file is now preserved. Is the file needed to be created or wasn't a regular file, mode 0o600 is used.

Commits

• 36004e0 Bump version: 1.2.1 → 1.2.2
• eb20252 docs: update changelog for v1.2.2
• 790c5c0 Merge commit from fork
• 43340da Remove the use of sh in tests (#612)
• 09d7cee docs: clarify override behavior and document FIFO support (#610)
• c8de288 ci: improve workflow efficiency with best practices (#609)
• 7bd9e3d Add Windows testing to CI (#604)
• 1baaf04 Drop Python 3.9 support and update to PyPy 3.11 (#608)
• 4a22cf8 ci: enable testing on Python 3.14t (free-threaded) (#588)
• e2e8e77 Fix license specifier (#597)
• Additional commits viewable in compare view

Updates haystack-ai from 2.7.0 to 2.26.1

Release notes

Sourced from haystack-ai's releases.

v2.26.1

Security Notes

• Fixed an issue in ChatPromptBuilder where specially crafted template variables could be interpreted as structured content (e.g., images, tool calls) instead of plain text. Template variables are now automatically sanitized during rendering, ensuring they are always treated as plain text.

🐛 Bug Fixes

• Fix malformed log format string in DocumentCleaner. The warning for documents with None content used %{document_id} instead of {document_id}, preventing proper interpolation of the document ID.

v2.26.1-rc1

No release notes provided.

v2.26.0

⭐ Highlights

🧠 More Flexible Agents with Dynamic System Prompts

Agent now supports Jinja2 templating in system_prompt, enabling runtime parameter injection and conditional logic directly in system messages. This makes it easier to adapt agent behavior dynamically (e.g. language, tone, time-aware responses) and reuse agents across contexts without redefining prompts

from haystack.components.agents import Agent
from haystack.components.generators.chat import OpenAIChatGenerator
from haystack.dataclasses import ChatMessage
agent = Agent(
chat_generator=OpenAIChatGenerator(),
tools=[weather_tool],
system_prompt="""{% message role='system' %}
You always respond in {{language}}.
{% endmessage %}""",
required_variables=["language"],
)
result = agent.run(
messages=[ChatMessage.from_user("What is the weather in London?")],
language="Italian" # required variable for the system prompt
)
print(result["last_message"].text)
>> Il tempo a Londra è soleggiato.

🔍 LLMRanker for LLM-Based Reranking

LLMRanker introduces LLM-powered reranking, treating relevance as a semantic reasoning task rather than similarity scoring. This can yield better results for complex or multi-step queries compared to cross-encoders. The component can also filter out irrelevant/duplicate documents entirely, helping provide higher-quality context in RAG pipelines and agent workflows while keeping context windows lean.

from haystack import Document
from haystack.components.rankers import LLMRanker
ranker = LLMRanker()
documents = [
</tr></table>

... (truncated)

Commits

• 3dabe4b bump version to 2.26.1
• 95552b8 bump version to 2.26.1-rc1
• ebcc99c test: extend document stores Mixin tests (#10806)
• 3dfcf86 fix: Fix malformed log format string in DocumentCleaner (#10765)
• 99ab0b7 fix: improve Jinja2 Chat extension security (#10875)
• 4b49d32 Add SUPPORTED_MODELS to OpenAIResponsesChatGenerator (#10844)
• 6c995b9 bump version to 2.26.0
• 5a192fd bump version to 2.26.0-rc1
• a6339eb Sync Haystack API reference on Docusaurus (#10834)
• ca74143 Add warning if extra keys are output by a component that are not defined in @...
• Additional commits viewable in compare view

Updates openai from 1.109.1 to 2.30.0

Release notes

Sourced from openai's releases.

v2.30.0

2.30.0 (2026-03-25)

Full Changelog: v2.29.0...v2.30.0

Features

• api: add keys field to Click/DoubleClick/Drag/Move/Scroll computer actions (ee1bbed)

Bug Fixes

• api: align SDK response types with expanded item schemas (f3f258a)
• sanitize endpoint path params (89f6698)
• types: make type required in ResponseInputMessageItem (cfdb167)

Chores

• ci: skip lint on metadata-only changes (faa93e1)
• internal: update gitignore (c468477)
• tests: bump steady to v0.19.4 (f350af8)
• tests: bump steady to v0.19.5 (5c03401)
• tests: bump steady to v0.19.6 (b6353b8)
• tests: bump steady to v0.19.7 (1d654be)

Refactors

• tests: switch from prism to steady (4a82035)

v2.29.0

2.29.0 (2026-03-17)

Full Changelog: v2.28.0...v2.29.0

Features

• api: 5.4 nano and mini model slugs (3b45666)
• api: add /v1/videos endpoint to batches create method (c0e7a16)
• api: add defer_loading field to ToolFunction (3167595)
• api: add in and nin operators to ComparisonFilter type (664f02b)

Bug Fixes

• deps: bump minimum typing-extensions version (a2fb2ca)
• pydantic: do not pass by_alias unless set (8ebe8fb)

... (truncated)

Changelog

Sourced from openai's changelog.

2.30.0 (2026-03-25)

Full Changelog: v2.29.0...v2.30.0

Features

• api: add keys field to Click/DoubleClick/Drag/Move/Scroll computer actions (ee1bbed)

Bug Fixes

• api: align SDK response types with expanded item schemas (f3f258a)
• sanitize endpoint path params (89f6698)
• types: make type required in ResponseInputMessageItem (cfdb167)

Chores

• ci: skip lint on metadata-only changes (faa93e1)
• internal: update gitignore (c468477)
• tests: bump steady to v0.19.4 (f350af8)
• tests: bump steady to v0.19.5 (5c03401)
• tests: bump steady to v0.19.6 (b6353b8)
• tests: bump steady to v0.19.7 (1d654be)

Refactors

• tests: switch from prism to steady (4a82035)

2.29.0 (2026-03-17)

Full Changelog: v2.28.0...v2.29.0

Features

• api: 5.4 nano and mini model slugs (3b45666)
• api: add /v1/videos endpoint to batches create method (c0e7a16)
• api: add defer_loading field to ToolFunction (3167595)
• api: add in and nin operators to ComparisonFilter type (664f02b)

Bug Fixes

• deps: bump minimum typing-extensions version (a2fb2ca)
• pydantic: do not pass by_alias unless set (8ebe8fb)

Chores

... (truncated)

Commits

• 5ae2cc1 release: 2.30.0
• 6e772ae fix(api): align SDK response types with expanded item schemas
• cd72fba feat(api): add keys field to Click/DoubleClick/Drag/Move/Scroll computer actions
• 4f43fe3 chore(tests): bump steady to v0.19.7
• 23bc027 chore(ci): skip lint on metadata-only changes
• e3c59bf chore(tests): bump steady to v0.19.6
• 56ad9ca fix(types): make type required in ResponseInputMessageItem
• 78c764b chore(internal): update gitignore
• 634b74e chore(tests): bump steady to v0.19.5
• c8c9508 chore(tests): bump steady to v0.19.4
• Additional commits viewable in compare view

Updates qdrant-haystack from 7.0.0 to 10.3.0

Commits

• a019037 !test: QdrantDocumentStore use Mixin tests + updated signature `get_metada...
• bb28cc4 test: AstraDocumentStore use Mixin tests (#3027)
• 0341bf9 chore(deps): bump EndBug/add-and-commit from 9.1.4 to 10.0.0 (#3029)
• 6bd2182 chore(deps): bump tj-actions/changed-files from 47.0.0 to 47.0.5 (#3030)
• 52bf724 chore: pin GitHub Actions to specific commit SHAs (#3025)
• 6fb5cc0 Update the changelog
• b2a6d09 chore: drop redacted thinking support for AmazonBedrockChatGenerator (#2998)
• 0dacd9e test: ChromaDocumentStore use Mixin tests (#3026)
• 44eef9c Update the changelog
• a11c26e test: FaissDocumentStore use Mixin tests (#3024)
• Additional commits viewable in compare view

Updates tqdm from 4.67.1 to 4.67.3

Release notes

Sourced from tqdm's releases.

tqdm v4.67.3 stable

• fix py3.7 dependencies (#1706 <- #1705)

tqdm v4.67.2 stable

• support pandas>=3 (#1703 <- #1701, #1650, #1700)
• fix format_interval for negative numbers (#1703)
• misc linting
• framework updates (#1704)
  • bump CI workflow & pre-commit dependencies
  • add pyupgrade
  • add py3.13 support
  • fix py3.7 tests
  • update setuptools-scm usage
  • support auto-dedented docstrings when building docs in py3.13
• tests: relax flaky benchmarks

Commits

• 75bdb6c fix py3.7 compat
• 09a863b bump version, merge pull request #1704 from tqdm/devel
• 33d24cd update pyproject syntax
• 70b9124 add py3.13 support
• a74d8f8 drop _dist_ver
• 14d72e2 Merge pull request #1703 from wingding12/fix-pandas-3.0-and-negative-interval
• a69dac8 fix dedented docstrings
• a986d22 tests: fix pandas deprecation warnings
• bb7aa4d tests: fix pandas deprecated applymap
• 0647db1 misc tidy
• Additional commits viewable in compare view

Updates numpy from 1.26.4 to 2.4.3

Release notes

Sourced from numpy's releases.

2.4.3 (Mar 9, 2026)

NumPy 2.4.3 Release Notes

The NumPy 2.4.3 is a patch release that fixes bugs discovered after the 2.4.2 release. The most user visible fix may be a threading fix for OpenBLAS on ARM, closing issue #30816.

This release supports Python versions 3.11-3.14

Contributors

A total of 11 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Antareep Sarkar +
• Charles Harris
• Joren Hammudoglu
• Matthieu Darbois
• Matti Picus
• Nathan Goldbaum
• Peter Hawkins
• Pieter Eendebak
• Sebastian Berg
• Warren Weckesser
• stratakis +

Pull requests merged

A total of 14 pull requests were merged for this release.

• #30759: MAINT: Prepare 2.4.x for further development
• #30827: BUG: Fix some leaks found via LeakSanitizer (#30756)
• #30841: MAINT: Synchronize 2.4.x submodules with main
• #30849: TYP: matlib: missing extended precision imports
• #30850: BUG: Fix weak hash function in np.isin(). (#30840)
• #30921: BUG: fix infinite recursion in np.ma.flatten_structured_array...
• #30922: BUG: Fix buffer overrun in CPU baseline validation (#30877)
• #30923: BUG: Fix busdaycalendar's handling of a bool array weekmask....
• #30924: BUG: Fix reference leaks and NULL pointer dereferences (#30908)
• #30925: MAINT: fix two minor issues noticed when touching the C API setup
• #30955: ENH: Test .kind not .char in np.testing.assert_equal (#30879)
• #30957: BUG: fix type issues in uses if PyDataType macros
• #30958: MAINT: Don't use vulture 2.15, it has false positives
• #30973: MAINT: update openblas (#30961)

2.4.2 (Feb 1, 2026)

NumPy 2.4.2 Release Notes

The NumPy 2.4.2 is a patch release that fixes bugs discovered after the 2.4.1 release. Highlights are:

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

• Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits

• 8bcb2e7 Merge pull request #30974 from charris/prepare-2.4.3
• 9a2b5ee REL: Prepare for the NumPy 2.4.3 release
• a822ac2 Merge pull request #30973 from charris/backport-30961
• 039bf54 MAINT: update openblas (#30961)
• 254bafa Merge pull request #30955 from charris/backport-30879
• 0cc7d38 ENH: Test .kind not .char in np.testing.assert_equal (#30879)
• 9ee571d Merge pull request #30957 from charris/backport-30918
• f302a16 Merge pull request #30958 from charris/backport-30938
• d240a09 MAINT: Don't use vulture 2.15, it has false positives
• 4fc08e9 MAINT: Don't use vulture 2.15, it has false positives
• Additional commits viewable in compare view

Updates orjson from 3.11.5 to 3.11.7

Release notes

Sourced from orjson's releases.

3.11.7

Changed

• Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
• ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6

Changed

• orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
• Drop support for Python 3.9.
• ABI compatibility with CPython 3.15 alpha 5.
• Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

• Fix sporadic crash serializing deeply nested list of dict.

Changelog

Sourced from orjson's changelog.

3.11.7 - 2026-02-02

Changed

• Use a faster library to serialize float. Users with byte-exact regression tests should note positive exponents are now written using a +, e.g., 1.2e+30 instead of 1.2e30. Both formats are spec-compliant.
• ABI compatibility with CPython 3.15 alpha 5 free-threading.

3.11.6 - 2026-01-29

Changed

• orjson now includes code licensed under the Mozilla Public License 2.0 (MPL-2.0).
• Drop support for Python 3.9.
• ABI compatibility with CPython 3.15 alpha 5.
• Build now depends on Rust 1.89 or later instead of 1.85.

Fixed

• Fix sporadic crash serializing deeply nested list of dict.

Commits

• ec2b066 3.11.7
• 1ca01f7 zmij
• 1716a22 cargo update
• ec02024 3.11.6
• d581687 build, clippy misc
• 4105b29 writer::num
• 62bb185 Fix sporadic crash on serializing object close
• d860078 PyRef idiom refactors
• 343ae2f Deserializer, Utf8Buffer
• 7835f58 PyBytesRef and other input refactor
• Additional commits viewable in compare view

Updates ollama-haystack from 0.0.6 to 1.1.0

Commits

• bb949ef feat: Add Agent state-mapping parameters to MCPTool (#2501)
• dee4f0a docs: update changelog for integrations/anthropic (#2511)

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.