build(deps): bump the dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the dependencies group with 8 updates in the / directory:

Package	From	To
granian	1.7.6	2.2.0
transformers	4.49.0	4.50.0
protobuf	5.29.3	6.30.1
pymupdf	1.25.3	1.25.4
pyright	1.1.395	1.1.397
pytest	8.3.4	8.3.5
pylint	3.3.4	3.3.6
ruff	0.9.9	0.11.2

Updates granian from 1.7.6 to 2.2.0

Release notes

Sourced from granian's releases.

Granian 2.2.0

What's Changed

New features

• Allow to ignore workers failure with reload enabled (#528 by @​adhami3310)
• Allow to customize reload watcher frequency (#530 by @​adhami3310)

Changes

• Bump dependencies

Granian 2.1.2

Patch release

Changes since 2.1.1:

• Revert a change in WSGI implementation causing issues with threading module usage

Granian 2.1.1

Patch release

Changes since 2.1.0:

• Fix a bug in RSGI implementation preventing HTTP protocol client_disconnect usage with access log enabled

Granian 2.1.0

What's Changed

New features

• Support Server header value to be customized in applications
• Bump RSGI spec to 1.5
  • Add client_disconnect coroutine to HTTP protocol

Changes

• Bump PyO3 to 0.24
• Bump dependencies

Enhancements

• Wait for inflight requests to complete on workers shutdown
• Detect client disconnection in ASGI
• Minor ASGI I/O state flow refactor

Fixes

• Embed server shutdown

Granian 2.0.1

Patch release

Changes since 2.0.0:

• Fix a regression bug preventing anyio.to_thread.run_sync to run properly

Granian 2.0.0

What's Changed

... (truncated)

Commits

• cfea98a Bump dependencies
• c7f2f5b Allow to control watchfiles iter frequency (#530)
• 7c99f35 Allow to ignore workers failure when reloader is enabled (#528)
• e454214 Bump version to 2.2.0
• 5887b52 Revert unsendable on WSGIProtocol (#527)
• a4c875e Bump version to 2.1.2
• 77f7168 Add missing client_disconnect method to rsgi._LoggingProto
• 46f6208 Bump version to 2.1.1
• 07bb80f Bump dependencies
• 0c6897b Better var names in ASGI I/O
• Additional commits viewable in compare view

Updates transformers from 4.49.0 to 4.50.0

Release notes

Sourced from transformers's releases.

Release v4.50.0

New Model Additions

Model-based releases

Starting with version v4.49.0, we have been doing model-based releases, additionally to our traditional, software-based monthly releases. These model-based releases provide a tag from which models may be installed.

Contrarily to our software-releases; these are not pushed to pypi and are kept on our GitHub. Each release has a tag attributed to it, such as:

• v4.49.0-Gemma-3
• v4.49.0-AyaVision

⚠️ As bugs are identified and fixed on each model, the release tags are updated so that installing from that tag always gives the best experience possible with that model.

Each new model release will always be based on the current state of the main branch at the time of its creation. This ensures that new models start with the latest features and fixes available.

For example, if two models—Gemma-3 and AyaVision—are released from main, and then a fix for gemma3 is merged, it will look something like this:

              o---- v4.49.0-Gemma-3 (includes AyaVision, plus main fixes)
            /                  \  
---o--o--o--o--o-- (fix for gemma3) --o--o--o main
       \          
        o---- v4.49.0-AyaVision

We strive to merge model specific fixes on their respective branches as fast as possible!

Gemma 3

Gemma 3 is heavily referenced in the following model-based release and we recommend reading these if you want all the information relative to that model.

The Gemma 3 model was proposed by Google. It is a vision-language model composed by a SigLIP vision encoder and a Gemma 2 language decoder linked by a multimodal linear projection.

It cuts an image into a fixed number of tokens same way as Siglip if the image does not exceed certain aspect ratio. For images that exceed the given aspect ratio, it crops the image into multiple smaller pacthes and concatenates them with the base image embedding.

One particularity is that the model uses bidirectional attention on all the image tokens. Also, the model interleaves sliding window local attention with full causal attention in the language backbone, where each sixth layer is a full causal attention layer.

• Gemma3 by @​RyanMullins in #36658

Shield Gemma2

ShieldGemma 2 is built on Gemma 3, is a 4 billion (4B) parameter model that checks the safety of both synthetic and natural images against key categories to help you build robust datasets and models. With this addition to the Gemma family of models, researchers and developers can now easily minimize the risk of harmful content in their models across key areas of harm as defined below:

• No Sexually Explicit content: The image shall not contain content that depicts explicit or graphic sexual acts (e.g., pornography, erotic nudity, depictions of rape or sexual assault).
• No Dangerous Content: The image shall not contain content that facilitates or encourages activities that could cause real-world harm (e.g., building firearms and explosive devices, promotion of terrorism, instructions for suicide).
• No Violence/Gore content: The image shall not contain content that depicts shocking, sensational, or gratuitous violence (e.g., excessive blood and gore, gratuitous violence against animals, extreme injury or moment of death).

We recommend using ShieldGemma 2 as an input filter to vision language models, or as an output filter of image generation systems. To train a robust image safety model, we curated training datasets of natural and synthetic images and instruction-tuned Gemma 3 to demonstrate strong performance.

... (truncated)

Commits

• 0b057e6 fix import issue
• 26fbd69 v 4.50.0
• 523f6e7 Fix: dtype cannot be str (#36262)
• 3f9ff19 Minor Gemma 3 fixes (#36884)
• f94b0c5 Use deformable_detr kernel from the Hub (#36853)
• 2638d54 Gemma 3 tests expect greedy decoding (#36882)
• b8aadc3 🔴 🔴 🔴 supersede paligemma forward to shift p...
• 6321876 add eustlb as an actor
• 94f4876 [generate] model defaults being inherited only happens for newer models (#36881)
• f19d018 Revert "Update deprecated Jax calls (#35919)" (#36880)
• Additional commits viewable in compare view

Updates protobuf from 5.29.3 to 6.30.1

Commits

• 0d815c5 Updating version.json and repo version numbers to: 30.1
• ebb5224 Re-add system_python repo alias to MODULE.bazel (#20662)
• 4747628 Remove Java runtime classes from kotlin release. (#20607)
• 250c550 Fix python codegen crash when C++ features are used. (#20577)
• 3576a1f Loosen py_proto_library check to be on the import path instead of full direct...
• efa65c5 Merge pull request #20562 from protocolbuffers/30.x-202503042254
• 63fc9d6 Updating version.json and repo version numbers to: 30.1-dev
• d295af5 Updating version.json and repo version numbers to: 30.0
• a5c906a Split maven dependencies into dev vs local (#20549) (#20558)
• 6059cb7 Cherry-pick notices change for 30.x
• Additional commits viewable in compare view

Updates pymupdf from 1.25.3 to 1.25.4

Release notes

Sourced from pymupdf's releases.

PyMuPDF-1.25.4 released

PyMuPDF-1.25.4 has been released.

Wheels for Windows, Linux and MacOS, and the sdist, are available on pypi.org and can be installed in the usual way, for example:

python -m pip install --upgrade pymupdf

[Linux-aarch64 wheels will be built and uploaded later.]

Changes in version 1.25.4 (2025-03-14)

• Fixed issues:

  • Fixed #4079
  • Fixed #4224
  • Fixed #4303
  • Fixed #4309
  • Fixed #4336
  • Fixed #4341

• Other:

  • Fixed handling of duplicate widget names when joining PDFs (PR #4347).
  • Improved Pyodide build.
  • Avoid SWIG-related build errors with Python-3.13 by disabling PY_LIMITED_API.

Changelog

Sourced from pymupdf's changelog.

Change Log

Changes in version 1.25.4 (2025-03-14)

• Use MuPDF-1.25.5.

• Fixed issues:

  • Fixed 4079 <https://github.com/pymupdf/PyMuPDF/issues/4079>_: Unexpected result for apply_redactions()
  • Fixed 4224 <https://github.com/pymupdf/PyMuPDF/issues/4224>_: MuPDF error: format error: negative code in 1d faxd
  • Fixed 4303 <https://github.com/pymupdf/PyMuPDF/issues/4303>_: page.get_image_info() returns outdated cached results after replacing image
  • Fixed 4309 <https://github.com/pymupdf/PyMuPDF/issues/4309>_: FzErrorFormat Error When Deleting First Page
  • Fixed 4336 <https://github.com/pymupdf/PyMuPDF/issues/4336>_: Major Performance Regression: pix.color_count is 150x slower in version 1.25.3 compared to 1.23.8
  • Fixed 4341 <https://github.com/pymupdf/PyMuPDF/issues/4341>_: Invalid label retrieval when /Kids is an array of multiple /Nums

• Other:

  • Fixed handling of duplicate widget names when joining PDFs (PR #4347).
  • Improved Pyodide build.
  • Avoid SWIG-related build errors with Python-3.13 by disabling PY_LIMITED_API.

Changes in version 1.25.3 (2025-02-06)

• Use MuPDF-1.25.4.

• Fixed issues:

  • Fixed 4139 <https://github.com/pymupdf/PyMuPDF/issues/4139>_: Text color numbers change between 1.24.14 and 1.25.0
  • Fixed 4141 <https://github.com/pymupdf/PyMuPDF/issues/4141>_: Some insertion methods fails for pages without a /Resources object
  • Fixed 4180 <https://github.com/pymupdf/PyMuPDF/issues/4180>_: Search problems
  • Fixed 4182 <https://github.com/pymupdf/PyMuPDF/issues/4182>_: Text coordinate extraction error
  • Fixed 4245 <https://github.com/pymupdf/PyMuPDF/issues/4245>_: Highlighting issue distorted on recent versions
  • Fixed 4254 <https://github.com/pymupdf/PyMuPDF/issues/4254>_: add_freetext_annot is drawing text outside the annotation box

• Other:

  • In annotations:
    • Added support for subtype FreeTextCallout.
    • Added support for rich text.
  • Added miter_limit arg to insert_text*() to allow suppression of spikes caused by long miters.
  • Add Widget Support to Document.insert_pdf().
  • Add bibi to span dicts.
  • Add `synthetic' to char dict.
  • Fixed Pyodide builds.

Changes in version 1.25.2 (2025-01-17)

... (truncated)

Commits

• 05b0cfa Update version numbers and dates for release.
• a02c17d docs/functions.rst: document new colors_*() functions.
• 4e6cadd scripts/test.py: give immediate error if pyodide build is attempted with wron...
• 4b0ff58 tests/: Updated tests to take mupdf 1.25.5 into account.
• 702b8dc src/_wxcolors.py: added some new wx colors names.
• 254dd32 src/_wxcolors.py: sort color list.
• 910a217 src/: Reorganisation of global color table.
• 359efda changes.txt: various updates.
• 6823ab0 tests/: added test_3886().
• 911a59e tests/test_general.py: test_4319(): new.
• Additional commits viewable in compare view

Updates pyright from 1.1.395 to 1.1.397

Commits

• e283a98 Pyright NPM Package update to 1.1.397 (#339)
• 2a04b2c CI: bump actions versions (#340)
• 5617c6c [pyright updated to 1.1.396] Update Version (#338)
• 72e863b chore(ci): remove invalid reviewers (#336)
• See full diff in compare view

Updates pytest from 8.3.4 to 8.3.5

Release notes

Sourced from pytest's releases.

8.3.5

pytest 8.3.5 (2025-03-02)

Bug fixes

• #11777: Fixed issue where sequences were still being shortened even with -vv verbosity.
• #12888: Fixed broken input when using Python 3.13+ and a libedit build of Python, such as on macOS or with uv-managed Python binaries from the python-build-standalone project. This could manifest e.g. by a broken prompt when using Pdb, or seeing empty inputs with manual usage of input() and suspended capturing.
• #13026: Fixed AttributeError{.interpreted-text role="class"} crash when using --import-mode=importlib when top-level directory same name as another module of the standard library.
• #13053: Fixed a regression in pytest 8.3.4 where, when using --import-mode=importlib, a directory containing py file with the same name would cause an ImportError
• #13083: Fixed issue where pytest could crash if one of the collected directories got removed during collection.

Improved documentation

• #12842: Added dedicated page about using types with pytest.

  See types{.interpreted-text role="ref"} for detailed usage.

Contributor-facing changes

• #13112: Fixed selftest failures in test_terminal.py with Pygments >= 2.19.0
• #13256: Support for Towncrier versions released in 2024 has been re-enabled when building Sphinx docs -- by webknjaz{.interpreted-text role="user"}.

Commits

• b55ab2a Prepare release version 8.3.5
• e217726 Added dedicated page about using types with pytest #12842 (#12963) (#13260)
• 2fa3f83 Add more resources and studies to flaky tests page in docs (#13250) (#13259)
• e5c2efe Merge pull request #13256 from webknjaz/maintenance/towncrier-bump (#13258)
• 3419674 Merge pull request #13187 from pytest-dev/patchback/backports/8.3.x/b4009b319...
• b75cfb1 Add readline workaround for libedit (#13176)
• edbfff7 doc: Clarify capturing .readouterr() return value (#13222) (#13225)
• 2ebba00 Merge pull request #13199 from jakkdl/tox_docs_no_fetch (#13200)
• eb6496b doc: Change training to remote only (#13196) (#13197)
• 78cf1f6 ci: Bump build-and-inspect-python-package (#13188)
• Additional commits viewable in compare view

Updates pylint from 3.3.4 to 3.3.6

Commits

• 7ac5a4d Bump pylint to 3.3.6, update changelog
• 32871c5 Move deprecated 'tool.setuptools.license-files', remove license classifier (#...
• 6455c45 Add pyproject.fmt to the pre-commit tooling (#10220)
• e394611 Bump types-setuptools from 75.8.2.20250305 to 76.0.0.20250313 (#10279)
• 544464a [used-before-assignment] Fix FP for inner function return type (#10275) (#10285)
• f28d768 Ref #10260 -- Add documentation for the github output format (#10272) (#10273)
• 6b68f91 Add additional permissions for backport workflow (#10269) (#10270)
• 819d606 Minor improvements to release workflow (#10267)
• aaab3cc Bump pylint to 3.3.5, update changelog (#10266)
• 1052bc8 Bump pylint to 3.3.5a0, update changelog
• Additional commits viewable in compare view

Updates ruff from 0.9.9 to 0.11.2

Release notes

Sourced from ruff's releases.

0.11.2

Release Notes

Preview features

• [syntax-errors] Fix false-positive syntax errors emitted for annotations on variadic parameters before Python 3.11 (#16878)

Contributors

• @​AlexWaygood
• @​MatthewMckee4
• @​dhruvmanila
• @​junhsonjb
• @​mtshiba
• @​ntBre

Install ruff 0.11.2

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://github.com/astral-sh/ruff/releases/download/0.11.2/ruff-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy ByPass -c "irm https://github.com/astral-sh/ruff/releases/download/0.11.2/ruff-installer.ps1 | iex"

Download ruff 0.11.2

File	Platform	Checksum
ruff-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ruff-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ruff-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ruff-i686-pc-windows-msvc.zip	x86 Windows	checksum
ruff-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ruff-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ruff-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
ruff-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum
ruff-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum
ruff-s390x-unknown-linux-gnu.tar.gz	S390x Linux	checksum
ruff-x86_64-unknown-linux-gnu.tar.gz	x64 Linux	checksum
ruff-armv7-unknown-linux-gnueabihf.tar.gz	ARMv7 Linux	checksum
ruff-aarch64-unknown-linux-musl.tar.gz	ARM64 MUSL Linux	checksum
ruff-i686-unknown-linux-musl.tar.gz	x86 MUSL Linux	checksum
ruff-x86_64-unknown-linux-musl.tar.gz	x64 MUSL Linux	checksum
ruff-arm-unknown-linux-musleabihf.tar.gz	ARMv6 MUSL Linux (Hardfloat)	checksum

... (truncated)

Changelog

Sourced from ruff's changelog.

0.11.2

Preview features

• [syntax-errors] Fix false-positive syntax errors emitted for annotations on variadic parameters before Python 3.11 (#16878)

0.11.1

Preview features

• [airflow] Add chain, chain_linear and cross_downstream for AIR302 (#16647)
• [syntax-errors] Improve error message and range for pre-PEP-614 decorator syntax errors (#16581)
• [syntax-errors] PEP 701 f-strings before Python 3.12 (#16543)
• [syntax-errors] Parenthesized context managers before Python 3.9 (#16523)
• [syntax-errors] Star annotations before Python 3.11 (#16545)
• [syntax-errors] Star expression in index before Python 3.11 (#16544)
• [syntax-errors] Unparenthesized assignment expressions in sets and indexes (#16404)

Bug fixes

• Server: Allow FixAll action in presence of version-specific syntax errors (#16848)
• [flake8-bandit] Allow raw strings in suspicious-mark-safe-usage (S308) #16702 (#16770)
• [refurb] Avoid panicking unwrap in verbose-decimal-constructor (FURB157) (#16777)
• [refurb] Fix starred expressions fix (FURB161) (#16550)
• Fix --statistics reporting for unsafe fixes (#16756)

Rule changes

• [flake8-executables] Allow uv run in shebang line for shebang-missing-python (EXE003) (#16849,#16855)

CLI

• Add --exit-non-zero-on-format (#16009)

Documentation

• Update Ruff tutorial to avoid non-existent fix in __init__.py (#16818)
• [flake8-gettext] Swap format- and printf-in-get-text-func-call examples (INT002, INT003) (#16769)

0.11.0

This is a follow-up to release 0.10.0. Because of a mistake in the release process, the requires-python inference changes were not included in that release. Ruff 0.11.0 now includes this change as well as the stabilization of the preview behavior for PGH004.

Breaking changes

• Changes to how the Python version is inferred when a target-version is not specified (#16319)

  In previous versions of Ruff, you could specify your Python version with:

  • The target-version option in a ruff.toml file or the [tool.ruff] section of a pyproject.toml file.

... (truncated)

Commits

• 4773878 Bump 0.11.2 (#16896)
• 2a4d835 Use the common OperatorPrecedence for the parser (#16747)
• 04a8756 [red-knot] Check subtype relation between callable types (#16804)
• 193c381 [red-knot] Check whether two callable types are equivalent (#16698)
• 63e78b4 [red-knot] Ban most Type::Instance types in type expressions (#16872)
• 296d67a Special-case value-expression inference of special form subscriptions (#16877)
• 42cbce5 [syntax-errors] Fix star annotation before Python 3.11 (#16878)
• 6760251 Recognize SyntaxError: as an error code for ecosystem checks (#16879)
• 23382f5 [red-knot] add test cases result in false positive errors (#16856)
• c1971fd Bump 0.11.1 (#16871)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.