build(deps): bump the production group across 1 directory with 4 updates

[dependabot]

Bumps the production group with 4 updates in the / directory: numpy, pillow, polars and transformers.

Updates numpy from 2.2.3 to 2.2.5

Release notes

Sourced from numpy's releases.

v2.2.5 (Apr 19, 2025)

NumPy 2.2.5 Release Notes

NumPy 2.2.5 is a patch release that fixes bugs found after the 2.2.4 release. It has a large number of typing fixes/improvements as well as the normal bug fixes and some CI maintenance.

This release supports Python versions 3.10-3.13.

Contributors

A total of 7 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Charles Harris
• Joren Hammudoglu
• Baskar Gopinath +
• Nathan Goldbaum
• Nicholas Christensen +
• Sayed Adel
• karl +

Pull requests merged

A total of 19 pull requests were merged for this release.

• #28545: MAINT: Prepare 2.2.x for further development
• #28582: BUG: Fix return type of NpyIter_GetIterNext in Cython declarations
• #28583: BUG: avoid deadlocks with C++ shared mutex in dispatch cache
• #28585: TYP: fix typing errors in _core.strings
• #28631: MAINT, CI: Update Ubuntu to 22.04 in azure-pipelines
• #28632: BUG: Set writeable flag for writeable dlpacks.
• #28633: BUG: Fix crackfortran parsing error when a division occurs within...
• #28650: TYP: fix ndarray.tolist() and .item() for unknown dtype
• #28654: BUG: fix deepcopying StringDType arrays (#28643)
• #28661: TYP: Accept objects that write() to str in savetxt
• #28663: CI: Replace QEMU armhf with native (32-bit compatibility mode)
• #28682: SIMD: Resolve Highway QSort symbol linking error on aarch32/ASIMD
• #28683: TYP: add missing "b1" literals for dtype[bool]
• #28705: TYP: Fix false rejection of NDArray[object_].__abs__()
• #28706: TYP: Fix inconsistent NDArray[float64].__[r]truediv__ return...
• #28723: TYP: fix string-like ndarray rich comparison operators
• #28758: TYP: some [arg]partition fixes
• #28772: TYP: fix incorrect random.Generator.integers return type
• #28774: TYP: fix count_nonzero signature

Checksums

MD5

... (truncated)

Commits

• 7be8c1f Merge pull request #28777 from charris/prepare-2.2.5
• d561f09 REL: Prepare for the NumPy 2.2.5 release [wheel build]
• b3e772c Merge pull request #28774 from charris/backport-28750
• 9005fc1 TYP: Update numpy/_core/numeric.pyi
• 8adcf87 TYP: fix count_nonzero signature
• 29f6e15 Merge pull request #28772 from charris/backport-28738
• b0c01d5 TYP: fix incorrect random.Generator.integers return type
• c200e8c Merge pull request #28758 from charris/backport-28747
• cbafc53 TYP: some [arg]partition fixes
• 90fdcf9 Merge pull request #28723 from charris/backport-28717
• Additional commits viewable in compare view

Updates pillow from 11.1.0 to 11.2.1

Release notes

Sourced from pillow's releases.

11.2.1

https://pillow.readthedocs.io/en/stable/releasenotes/11.2.1.html

Deprecations

• Moved get_child_images() to ImageFile #8689 [@​radarhere]

Documentation

• Add 11.2.1 release notes #8885 [@​radarhere]
• Added avif to config settings #8875 [@​radarhere]
• Added release notes for #8330 #8853 [@​radarhere]
• Added release notes for #8781 and #8837 #8843 [@​radarhere]
• Added media_white_point to ImageCms documentation #8829 [@​radarhere]
• Removed FIXME #8825 [@​radarhere]
• Updated comment #8822 [@​radarhere]
• Added release notes for #8807 #8824 [@​radarhere]
• DXT3 images are read in RGBA mode #8817 [@​radarhere]
• JPEG comments are from the COM marker #8788 [@​radarhere]
• Update Sphinx to 8.2 to remove nitpick ignore #8763 [@​radarhere]
• Updated AffineTransform docstring to mention it uses the inverse matrix #8735 [@​radarhere]
• Added MozJPEG documentation #8699 [@​radarhere]
• Added Sphinx configuration key #8691 [@​radarhere]
• Updated macOS tested Pillow versions #8654 [@​radarhere]

Dependencies

• Updated xz to 5.8.1 #8868 [@​radarhere]
• Updated harfbuzz to 11.0.1 #8870 [@​radarhere]
• Update scientific-python/upload-nightly-action action to v0.6.2 #8865 [@renovate[bot]]
• Updated xz to 5.8.0 in macOS and Linux wheels, but not on manylinux2014 #8836 [@​radarhere]
• Update dependency cibuildwheel to v2.23.2 #8832 [@renovate[bot]]
• Updated harfbuzz to 11.0.0 #8830 [@​radarhere]
• Update dependency cibuildwheel to v2.23.1 #8818 [@renovate[bot]]
• Updated Ghostscript to 10.5.0 #8814 [@​radarhere]
• Updated libtiff to 4.7.0 #8812 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #8795 [@pre-commit-ci[bot]]
• Updated harfbuzz to 10.4.0 #8770 [@​radarhere]
• Update dependency mypy to v1.15.0 #8791 [@renovate[bot]]
• Updated libpng to 1.6.47 #8764 [@​radarhere]
• Updated lcms2 to 2.17 #8742 [@​radarhere]
• Update dependency cibuildwheel to v2.23.0 #8785 [@renovate[bot]]
• Updated zlib-ng to 2.2.4 #8745 [@​radarhere]
• Updated libimagequant to 4.3.4 on Windows #8744 [@​radarhere]
• [pre-commit.ci] pre-commit autoupdate #8729 [@pre-commit-ci[bot]]
• Updated harfbuzz to 10.2.0 #8688 [@​radarhere]
• Updated xz to 5.6.4 #8711 [@​radarhere]
• Updated libpng to 1.6.46 #8712 [@​radarhere]
• Updated libimagequant to 4.3.4 #8710 [@​radarhere]
• Updated libpng to 1.6.45 #8670 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

Changelog (Pillow)

Commits

• 339bc5d 11.2.1 version bump
• 857b884 Merge pull request #8885 from radarhere/releasenotes
• 7a0092f Remove incomplete 11.2.0 release, bill as 11.2.1 instead
• d52c2db Do not include libavif in wheels
• 8dafc38 Added 11.2.1 release notes
• 07d7800 Removed release notes update
• 0490948 Remove GPL v2 license (#8884)
• 774d0ae Merge pull request #8868 from radarhere/xz_upgrade
• d1e27fc Merge pull request #8870 from radarhere/harfbuzz_upgrade
• c8d98d5 Added avif to config settings (#8875)
• Additional commits viewable in compare view

Updates polars from 1.24.0 to 1.28.1

Release notes

Sourced from polars's releases.

Python Polars 1.28.1

🐞 Bug fixes

• Reading of reencoded categorical in Parquet (#22436)
• Last thread in parquet predicate filter oob (#22429)

📖 Documentation

• Fix a few typos in the new "multiplexing" page (#22434)
• Add multiplexing page (#22426)

📦 Build system

• Update pyo3 and numpy crates to version 0.24 (#22015)

🛠️ Other improvements

• Add test for implode + over (#22437)
• Fix CI by removing use_legacy_dataset (#22438)
• Only use pytorch index-url for pytorch package (#22355)

Thank you to all our contributors for making this release possible! @​bschoenmaeckers, @​coastalwhite, @​etiennebacher, @​mcrumiller and @​ritchie46

Python Polars 1.28.0

🚀 Performance improvements

• Lower Expr.(n_)unique to group_by on streaming engine (#22420)
• Chunk huge munmap calls (#22414)
• Add single-key variants of streaming group_by (#22409)
• Improve accumulate_dataframes_vertical performance (#22399)
• Use optimize rolling_quantile with varying window sizes (#22353)
• Dedicated rolling_skew kernel (#22333)
• Call large munmap's in background thread (#22329)
• New streaming group_by implementation (#22285)
• Patch jemalloc to not purge huge allocs eagerly if we have background threads (#22318)
• Turn on parallel=prefiltered by default for new streaming (#22190)

✨ Enhancements

• When reporting unexpected types in errors, module-qualify the typename (#22390)
• Add Series backward_fill / forward_fill (#22360)
• Add GPU support to sink_* APIs (#20940)
• Changed mapping type from dict to Mapping (#19400) (#19436)
• Make streaming dispatch public (#22347)
• Add rolling_kurtosis (#22335)
• Support Cast in IO plugin predicates (#22317)
• Add .sort(nulls_last=True) to booleans, categoricals and enums (#22300)
• Add rolling min/max for temporals (#22271)
• Support literal:list agg (#22249)

... (truncated)

Commits

• 506319e chore: Add test for implode + over (#22437)
• 3e64135 fix: Reading of reencoded categorical in Parquet (#22436)
• 180d740 chore: Fix CI by removing use_legacy_dataset (#22438)
• d72531f Python Polars 1.28.1 (fix mac aarch64) (#22431)
• 002ba05 docs(python): Fix a few typos in the new "multiplexing" page (#22434)
• 29ae86e chore: Only use pytorch index-url for pytorch package (#22355)
• 0f39739 docs: Add multiplexing page (#22426)
• fe9989c build(python): Update pyo3 and numpy crates to version 0.24 (#22015)
• 1b4f258 fix: Last thread in parquet predicate filter oob (#22429)
• 8d30e79 Python Polars 1.28.0 (#22419)
• Additional commits viewable in compare view

Updates transformers from 4.50.0 to 4.51.3

Release notes

Sourced from transformers's releases.

Patch release v4.51.3

A mix of bugs were fixed in this patch; very exceptionally, we diverge from semantic versioning to merge GLM-4 in this patch release.

• Handle torch ver in flexattn (#37400)
• handle torch version edge cases (#37399)
• Add glm4 (#37388)

Patch Release 4.51.2

This is another round of bug fixes, but they are a lot more minor and outputs were not really affected!

• Fix Llama4 offset (#37414) by @​Cyrilvallez
• Attention Quantization with FBGemm & TP (#37384) by @​MekkCyber
• use rms_norm_eps for the L2Norm for Llama4 (#37418) by @​danielhanchen
• mark llama4 as not supported with fa2 (#37416) by @​winglian

Patch release v4.51.1

Since the release of Llama 4, we have fixed a few issues that we are now releasing in patch v4.51.1

• Fixing flex attention for torch=2.6.0 (#37285)
• more fixes for post-training llama4 (#37329)
• Remove HQQ from caching allocator warmup (#37347)
• fix derived berts _init_weights (#37341)
• Fix init empty weights without accelerate (#37337)
• Fix deepspeed with quantization (#37324)
• fix llama4 training (#37319)
• fix flex attn when optional args aren't passed (#37327)
• Multiple llama4 fixe (#37353)

Thanks all for your patience

v4.51.0: Llama 4, Phi4-Multimodal, DeepSeek-v3, Qwen3

New Model Additions

Llama 4

Llama 4, developed by Meta, introduces a new auto-regressive Mixture-of-Experts (MoE) architecture.This generation includes two models:

• The highly capable Llama 4 Maverick with 17B active parameters out of ~400B total, with 128 experts.
• The efficient Llama 4 Scout also has 17B active parameters out of ~109B total, using just 16 experts.

Both models leverage early fusion for native multimodality, enabling them to process text and image inputs. Maverick and Scout are both trained on up to 40 trillion tokens on data encompassing 200 languages (with specific fine-tuning support for 12 languages including Arabic, Spanish, German, and Hindi).

For deployment, Llama 4 Scout is designed for accessibility, fitting on a single server-grade GPU via on-the-fly 4-bit or 8-bit quantization, while Maverick is available in BF16 and FP8 formats. These models are released under the custom Llama 4 Community License Agreement, available on the model repositories

Getting started with Llama 4 using transformers is straightforward. Make sure you have transformers v4.51.0 or later installed:

pip install -U transformers[hf_xet]
</tr></table> 

... (truncated)

Commits

• 5f4ecf2 Release: v4.51.3
• befb534 Handle torch ver in flexattn (#37400)
• bffeefe handle torch version edge cases (#37399)
• 5c076fb Add glm4 (#37388)
• 28c9541 Attention Quantization with FBGemm & TP (#37384)
• 5651207 use rms_norm_eps for the L2Norm for Llama4 (#37418)
• ac9c7f3 mark llama4 as not supported with fa2 (#37416)
• 894783c Fix Llama4 offset (#37414)
• eae06ff v4.51.2
• 3148a41 the fix that did not get in (#37370)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions