chore(deps): update python packages

[renovate]

This PR contains the following updates:

Package	Change	Age	Confidence
bandit (source, changelog)	1.9.3 → 1.9.4
debugpy (source)	1.8.19 → 1.8.20
grpcio	1.76.0 → 1.80.0
ni-python-styleguide	0.4.8 → 0.4.9
nidaqmx	1.4.0 → 1.4.1
numpy (changelog)	2.4.1 → 2.4.4
protobuf	6.33.5 → 6.33.6
pytest-cov (changelog)	7.0.0 → 7.1.0
sphinx-autoapi	3.6.1 → 3.8.0
streamlit-echarts	0.4.0 → 0.6.0
types-protobuf (changelog)	6.32.1.20251210 → 6.32.1.20260221

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

PyCQA/bandit (bandit)

v1.9.4

Compare Source

What's Changed

• chore: fixed some typos in comments by @​jakob1379 in #​1351
• Bump docker/login-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in #​1353
• Bump docker/build-push-action from 6.18.0 to 6.19.2 by @​dependabot[bot] in #​1357
• Fix B613 crash when reading from stdin by @​worksbyfriday in #​1361
• Include filename in nosec 'no failed test' warning by @​worksbyfriday in #​1363
• Fix B615 false positive when revision is set via variable by @​worksbyfriday in #​1358
• Lower version guard in check_ast_node to Python 3.12 by @​rcgray in #​1355
• Fix B106 reporting wrong line number on multiline function calls by @​worksbyfriday in #​1360

New Contributors

• @​jakob1379 made their first contribution in #​1351
• @​worksbyfriday made their first contribution in #​1361
• @​rcgray made their first contribution in #​1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

microsoft/debugpy (debugpy)

v1.8.20: debugpy v1.8.20

Compare Source

Fixes for:

• annotate in 3.14 causing exceptions: #​1971

Enhancements:

• Use remote_exec if available: c7e86a1
• Support more architectures: 1bbecdf

Infrastructure work:

• Support devcontainers for development: 7dbc229

Thanks to @​rameshvarun, @​Xeonacid, and @​pdepetro for the commits

grpc/grpc (grpcio)

v1.80.0

Compare Source

This is release 1.80.0 (glimmering) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

• [ssl] Implement TLS private key signer in Python. (#​41701)
• [TLS Credentials]: Private Key Offload Implementation. (#​41606)
• Fix max sockaddr struct size on OpenBSD. (#​40454)
• [core] Enable EventEngine for Python by default, and EventEngine fork support in Python and Ruby. (#​41432)
• [TLS Credentials]: Create InMemoryCertificateProvider to update certificates independently. (#​41484)
• [Ruby] Build/test ruby 4.0 and build native gems with Ruby 4.0 support. (#​41324)
• [EventEngine] Remove an incorrect std::move in DNSServiceResolver constructor. (#​41502)
• [RR and WRR] enable change to connect from a random index. (#​41472)
• [xds] Implement gRFC A101. (#​41051)

C++

• [C++] Add SNI override option to C++ channel credentials options API. (#​41460)

C#

• [C# tools] Option to append Async to server side method names #​39010. (#​39797)

Objective-C

• [Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#​41357)

PHP

• [PHP] Disable php infinite recursion check for callback from Core to PHP. (#​41835)
• [PHP] Fix runtime error with PHp8.5 alpha because zend_exception_get_defaul…. (#​40337)

Python

• [Python] Fix GRPC_TRACE not working when absl log initialized in cython. (#​41814)
• Revert "[Python] Align GRPC_ENABLE_FORK_SUPPORT env defaults in core and python (#​41455)". (#​41769)
• [Python] Fix AsyncIO Server maximum_concurrent_rpcs enforcement preventing negative active_rpcs count. (#​41532)
• [Python] Docs: correct grpc.Compression references. (#​41705)
• [Python] [Typeguard] Part 4 - Add Typeguard to AIO stack in tests . (#​40226)
• [Python] Fix multi-thread exception for Asyncio gRPC clients - Fixes #​25364. (#​41483)
• [Python] Resolve absl::InitializeLog warning. (#​39779)
• [Python] Remove IF usage in Cython. (#​41400)
• [Python] Add language features to exported proto files. (#​41501)
• [Python] Fix crash when iterating on AIO Metadata keys(), values(), items() or list(metadata.values()) etc. . (#​41481)
• [Python] Modernize and revamp Public API Docs. (#​41287)

Ruby

• [Ruby] Added support to push native-debug packages off rubygems to public gcs bucket. (#​41270)

v1.78.1

Compare Source

This is release 1.78.1 (gutsy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Python

Added 2026-03-12:
CAUTION! This gRPC Python release 1.78.1 was yanked from PyPI on 2026-02-26 due to issue #​41725.

• [REVERTED] Remove unintentional log WARNING: All log messages before absl::InitializeLog() is called are written to STDERR. (#​41639)
• [REVERTED] Fix inconsistent GRPC_ENABLE_FORK_SUPPORT runtime defaults between gRPC Core and Python. (#​41588).
  • This fixed #​37710, a request processing hang in certain multithreaded environments: Other threads are currently calling into gRPC, skipping fork() handlers.
• Modernize the API Docs site: https://grpc.github.io/grpc/python. (#​41494)

Ruby

• Build/test ruby 4.0 and build native gems with Ruby 4.0 support. (#​41554)

v1.78.0

Compare Source

This is release 1.78.0 (gutsy) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

C++

• adding address_sorting dep in naming test build. (#​41045)

Objective-C

• [Backport][v1.78.x][Fix][Compiler] Plugins fall back to the edition 2023 for older protobuf. (#​41358)

Python

• [python] aio: fix race condition causing asyncio.run() to hang forever during the shutdown process. (#​40989)
• [Python] Migrate to pyproject.toml build system from setup.py builds. (#​40833)
• [Python] Log error details when ExecuteBatchError occurs (at DEBUG level). (#​40921)
• [Python] Update setuptools min version to 77.0.1 . (#​40931)

Ruby

• [ruby] Fix version comparison for the ruby_abi_version symbol for ruby 4 compatibility. (#​41061)

ni/python-styleguide (ni-python-styleguide)

v0.4.9

Compare Source

Fixed

• Work around "No module named 'pkg_resources'" by pinning setuptools to <82 (#​275)

ni/nidaqmx-python (nidaqmx)

v1.4.1

Compare Source

• Merged Pull Requests

  • Full changelog: 1.4.0...1.4.1

• Resolved Issues

  • ...

• Major Changes

  • Update installer metadata using DAQmx version 26.0.0

• Known Issues

  • ...

numpy/numpy (numpy)

v2.4.4: 2.4.4 (Mar 29, 2026)

Compare Source

NumPy 2.4.4 Release Notes

The NumPy 2.4.4 is a patch release that fixes bugs discovered after the 2.4.3
release. It should finally close issue #​30816, the OpenBLAS threading problem
on ARM.

This release supports Python versions 3.11-3.14

Contributors

A total of 8 people contributed to this release. People with a "+" by their
names contributed a patch for the first time.

• Charles Harris
• Daniel Haag +
• Denis Prokopenko +
• Harshith J +
• Koki Watanabe
• Marten van Kerkwijk
• Matti Picus
• Nathan Goldbaum

Pull requests merged

A total of 7 pull requests were merged for this release.

• #​30978: MAINT: Prepare 2.4.x for further development
• #​31049: BUG: Add test to reproduce problem described in #​30816 (#​30818)
• #​31052: BUG: fix FNV-1a 64-bit selection by using NPY_SIZEOF_UINTP (#​31035)
• #​31053: BUG: avoid warning on ufunc with where=True and no output
• #​31058: DOC: document caveats of ndarray.resize on 3.14 and newer
• #​31079: TST: fix POWER VSX feature mapping (#​30801)
• #​31084: MAINT: numpy.i: Replace deprecated sprintf with snprintf...

v2.4.3

Compare Source

v2.4.2

Compare Source

pytest-dev/pytest-cov (pytest-cov)

v7.1.0

Compare Source

• Fixed total coverage computation to always be consistent, regardless of reporting settings.
  Previously some reports could produce different total counts, and consequently can make --cov-fail-under behave different depending on
  reporting options.
  See #&#8203;641 <https://github.com/pytest-dev/pytest-cov/issues/641>_.

• Improve handling of ResourceWarning from sqlite3.

  The plugin adds warning filter for sqlite3 ResourceWarning unclosed database (since 6.2.0).
  It checks if there is already existing plugin for this message by comparing filter regular expression.
  When filter is specified on command line the message is escaped and does not match an expected message.
  A check for an escaped regular expression is added to handle this case.

  With this fix one can suppress ResourceWarning from sqlite3 from command line::

  pytest -W "ignore:unclosed database in <sqlite3.Connection object at:ResourceWarning" ...

• Various improvements to documentation.
  Contributed by Art Pelling in #&#8203;718 <https://github.com/pytest-dev/pytest-cov/pull/718>_ and
  "vivodi" in #&#8203;738 <https://github.com/pytest-dev/pytest-cov/pull/738>.
  Also closed #&#8203;736 <https://github.com/pytest-dev/pytest-cov/issues/736>.

• Fixed some assertions in tests.
  Contributed by in Markéta Machová in #&#8203;722 <https://github.com/pytest-dev/pytest-cov/pull/722>_.

• Removed unnecessary coverage configuration copying (meant as a backup because reporting commands had configuration side-effects before coverage 5.0).

readthedocs/sphinx-autoapi (sphinx-autoapi)

v3.8.0

Compare Source

Features
^^^^^^^^

• Autodoc-style directives can access members excluded by autoapi_options

Misc
^^^^

• #​553

v3.7.0

Compare Source

Features
^^^^^^^^

• Added autoapi.import warning for when AutoAPI directives are given non-existent objects
• Adding autoapi_follow_symlinks, which allows api to traverse into symlinked directories when generating the API documentation.
• Drop support for Python 3.9 and officially support Python 3.14
• Support rendering PEP-695 type parameters

Bugfixes
^^^^^^^^

• Render typing_extensions.TypeAlias like other type aliases (#​520)
• Fix PythonFunction.overloads typing when source code overload(s) do not provide a return type (#​523)

Misc
^^^^

• Fix deprecation warnings raised by astroid and sphinx
• Handling case where match returns None to fix mypy unit test.

andfanilo/streamlit-echarts (streamlit-echarts)

v0.6.0

Compare Source

What's Changed

• Rewrite frontend with native ECharts API, add selection support, Streamlit theme, agent harness through skills/commands->subagents

v0.5.0

Compare Source

Changed

• BREAKING: Migrated to Streamlit Components v2 API
• BREAKING: Removed st_pyecharts wrapper — use json.loads(chart.dump_options()) + st_echarts instead
• Dropped pyecharts and simplejson as package dependencies (user installs them separately)
• Upgraded frontend build toolchain from Create React App to Vite + TypeScript
• Upgraded ECharts from v5 to v6
• Event return values now use result.chart_event on the Python side

---

Configuration

📅 Schedule: (in timezone US/Central)

• Branch creation
  • Only on Sunday (* * * * 0)
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Test Results

0 files   -     8  0 suites   - 8   0s ⏱️ -25s
0 tests  -   256  0 ✅  -   256  0 💤 ±0  0 ❌ ±0 
0 runs   - 2 008  0 ✅  - 2 008  0 💤 ±0  0 ❌ ±0 

Results for commit 719bf0e. ± Comparison against base commit 4e5e622.

♻️ This comment has been updated with latest results.

[bkeryan]

⚠️ Artifact update problem

Renovate failed to update artifacts related to this branch. You probably do not want to merge this PR as-is.

♻ Renovate will retry this branch, including artifacts, only when one of the following happens:

• any of the package files in this branch needs updating, or
• the branch becomes conflicted, or
• you click the rebase/retry checkbox if found above, or
• you rename this PR's title to start with "rebase!" to trigger it manually

The artifact failure details are included below:

File name: pyproject.toml

Artifact update for grpcio resolved to version 1.80.0, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 1.78.0
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

File name: pyproject.toml

Artifact update for numpy resolved to version 2.4.4, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 2.4.3
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

File name: pyproject.toml

Artifact update for numpy resolved to version 2.4.4, which is a pending version that has not yet passed the Minimum Release Age threshold.
Renovate was attempting to update to 2.4.3
This is (likely) not a bug in Renovate, but due to the way your project pins dependencies, _and_ how Renovate calls your package manager to update them.
Until Renovate supports specifying an exact update to your package manager (https://github.com/renovatebot/renovate/issues/41624), it is recommended to directly pin your dependencies (with `rangeStrategy=pin` for apps, or `rangeStrategy=widen` for libraries)
See also: https://docs.renovatebot.com/dependency-pinning/

Poetry issue about adding this capability: python-poetry/poetry#2758