Bump the all-dependencies group across 1 directory with 4 updates

[dependabot]

Bumps the all-dependencies group with 4 updates in the / directory: pandas, numpy, requests and gunicorn.

Updates pandas from 3.0.1 to 3.0.2

Release notes

Sourced from pandas's releases.

pandas 3.0.2

We are pleased to announce the release of pandas 3.0.2. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

• ab90747 RLS: 3.0.2 (#64934)
• 6f27013 Backport PR #64931 on branch 3.0.x (DOC/BLD: temporary disable upload of docs...
• 48ddc60 Backport PR #64664 on branch 3.0.x (BUG: DataFrame.sum() crashes on empty Dat...
• 8774488 [backport 3.0.x] PERF: fix slow python loop in validation for ArrowStringArra...
• 33af6cc Backport PR #64133 on branch 3.0.x (BUG: str.find returns byte offset instead...
• 4ef49d8 [backport 3.0.x] BUG: fix convert_dtypes dropping values from sliced mixed-dt...
• 0668f34 [backport 3.0.x] BUG: Fix HDFStore.put with StringDtype columns and compressi...
• 23f2f44 [backport 3.0.x] BUG: Suppress unnecessary RuntimeWarning in to_datetime with...
• 83ba804 Backport PR #64886: BUG: Compute Variance of Complex Numbers Correctly (#64892)
• bb5ca1a Backport PR #64386 on branch 3.0.x (BUG: fix sort_index AssertionError with R...
• Additional commits viewable in compare view

Updates numpy from 2.4.3 to 2.4.4

Release notes

Sourced from numpy's releases.

2.4.4 (Mar 29, 2026)

NumPy 2.4.4 Release Notes

The NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3 release. It should finally close issue #30816, the OpenBLAS threading problem on ARM.

This release supports Python versions 3.11-3.14

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Charles Harris
• Daniel Haag +
• Denis Prokopenko +
• Harshith J +
• Koki Watanabe
• Marten van Kerkwijk
• Matti Picus
• Nathan Goldbaum

Pull requests merged

A total of 7 pull requests were merged for this release.

• #30978: MAINT: Prepare 2.4.x for further development
• #31049: BUG: Add test to reproduce problem described in #30816 (#30818)
• #31052: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (#31035)
• #31053: BUG: avoid warning on ufunc with where=True and no output
• #31058: DOC: document caveats of ndarray.resize on 3.14 and newer
• #31079: TST: fix POWER VSX feature mapping (#30801)
• #31084: MAINT: numpy.i: Replace deprecated sprintf with snprintf...

Commits

• be93fe2 Merge pull request #31090 from charris/prepare-2.4.4
• f5245dc REL: Prepare for the NumPy 2.4.4 release
• 02e838b Merge pull request #31084 from charris/backport-31056
• fa74b2d MAINT: numpy.i: Replace deprecated sprintf with snprintf (#31056)
• 533a6db Merge pull request #31079 from charris/backport-20801
• 9e496cb TST: fix POWER VSX feature mapping (#30801)
• 8052c4b Merge pull request #31058 from charris/backport-31021
• 7f13b5a MAINT: Skip test on PyPy.
• 4c5fdd6 MAINT: Remove unused import of tracemalloc.
• a3ca5ed Update numpy/_core/src/multiarray/shape.c
• Additional commits viewable in compare view

Updates requests from 2.33.0 to 2.33.1

Release notes

Sourced from requests's releases.

v2.33.1

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

New Contributors

• @​ferdnyc made their first contribution in psf/requests#7277

Full Changelog: https://github.com/psf/requests/blob/main/HISTORY.md#2331-2026-03-30

Changelog

Sourced from requests's changelog.

2.33.1 (2026-03-30)

Bugfixes

• Fixed test cleanup for CVE-2026-25645 to avoid leaving unnecessary files in the tmp directory. (#7305)
• Fixed Content-Type header parsing for malformed values. (#7309)
• Improved error consistency for malformed header values. (#7308)

Commits

• 111d2b7 v2.33.1
• f0198e6 Fix malformed value parsing for Content-Type (#7309)
• bc7dd0f Fix cosmetic header validity parsing regex (#7308)
• 4443b1a Fix unintended test extra (#7306)
• 389eea5 Cleanup extracted file after extract_zipped_path test (#7305)
• 7407309 Packaging: DRY out extras definition (#7277)
• See full diff in compare view

Updates gunicorn from 25.2.0 to 25.3.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 25.3.0

Bug Fixes

• HTTP/2 ASGI Body Duplication: Fix request body being received twice in HTTP/2 ASGI requests, causing JSON parsing errors with "Extra data" messages (#3558)

• ASGI Chunked EOF Handling: Add finish() method to callback parser to handle chunked encoding edge case where connection closes before final CRLF after zero-chunk

• HTTP/2 Documentation: Fix http_protocols examples to use comma-separated string instead of list syntax (#3561)

• Chunked Encoding: Reject chunk extensions containing bare CR bytes per RFC 9112 (#3556)

• Request Line Limit: Fix --limit-request-line 0 to mean unlimited as documented, instead of using default maximum. Works with both Python and fast C parser. (#3563)

Security

• ASGI Parser Header Validation: Add security checks per RFC 9110/9112:
  • Reject duplicate Content-Length headers
  • Reject requests with both Content-Length and Transfer-Encoding
  • Reject chunked transfer encoding in HTTP/1.0
  • Reject stacked chunked encoding
  • Validate Transfer-Encoding values
  • Strict chunk size validation

Changes

• Fast HTTP Parser: Update to gunicorn_h1c >= 0.6.3 for asgi_headers property and InvalidChunkExtension validation for bare CR rejection

• ASGI PROXY Protocol: Add PROXY protocol v1/v2 support to callback parser

• Docker Images: Update to Python 3.14

Commits

• 9bce72c Update changelog with missing 25.3.0 changes
• 2a15fdb Fix pylint isinstance-second-argument-not-valid-type warning
• 8d08aaa Fix --limit-request-line 0 to mean unlimited
• d40a374 Fix pytest-asyncio configuration and treq_asgi hex escapes
• da8bd48 Remove unused AsyncRequest class
• b00f125 Integrate gunicorn_h1c 0.6.3 with InvalidChunkExtension support
• bdb2ebd Reject chunk extensions with bare CR bytes (RFC 9112)
• 7057fc9 Fix http_protocols documentation to use string syntax
• d43acb8 Update to gunicorn_h1c >= 0.6.2 for asgi_headers support
• cbd27e8 Merge pull request #3559 from benleembruggen/fix/http2-asgi-body-duplication
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions