build(deps): bump the python-runtime group with 8 updates

[dependabot]

Bumps the python-runtime group with 8 updates:

Package	From	To
mcp	1.27.1	1.27.2
scikit-learn	1.8.0	1.9.0
anthropic	0.102.0	0.107.1
numpy	2.4.5	2.4.6
soundfile	0.13.1	0.14.0
torchcodec	0.12.0	0.14.0
pytest-asyncio	1.3.0	1.4.0
ruff	0.15.13	0.15.16

Updates mcp from 1.27.1 to 1.27.2

Release notes

Sourced from mcp's releases.

v1.27.2

What's Changed

• [v1.x] ci: deploy docs to py.sdk.modelcontextprotocol.io via Pages artifact by @​maxisbey in modelcontextprotocol/python-sdk#2635
• [v1.x] Add subject and claims to AccessToken by @​maxisbey in modelcontextprotocol/python-sdk#2690
• [v1.x] Bind transport sessions to the authenticated principal by @​maxisbey in modelcontextprotocol/python-sdk#2719
• [v1.x] Scope experimental tasks to the session that created them by @​maxisbey in modelcontextprotocol/python-sdk#2720

Full Changelog: modelcontextprotocol/python-sdk@v1.27.1...v1.27.2

Commits

• 6213787 [v1.x] Scope experimental tasks to the session that created them (#2720)
• ce267b6 [v1.x] Bind transport sessions to the authenticated principal (#2719)
• 1abcca2 [v1.x] Add subject and claims to AccessToken (#2690)
• 9773a3f [v1.x] ci: deploy docs to py.sdk.modelcontextprotocol.io via Pages artifact (...
• See full diff in compare view

Updates scikit-learn from 1.8.0 to 1.9.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.9.0

We're happy to announce the 1.9.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_9_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.9.html

This release adds narwhals as a new dependency that will help to improve dataframe interoperability across the project.

This version supports Python versions 3.11 to 3.14.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Commits

• 77def0e trigger wheel builder [cd build]
• ee7c0b0 generate changelog
• 3d7fb04 bump version
• 8954e7b DOC Release highlights for 1.9 (#34147)
• 73a3eab Fix: Array-API - avoid failing for numpy fit + predict with sparse or array-l...
• 8839aae DOC Thread-safety requirement for open_listener message consumer callback (#3...
• 4d2476a DOC Refactor array API docs page (#34054)
• f9f812f 🔒 🤖 CI Update lock files for scipy-dev CI build(s) 🔒 🤖 ...
• d779dc3 🔒 🤖 CI Update lock files for free-threaded CI build(s) 🔒 :rob...
• 6a03cf0 🔒 🤖 CI Update lock files for array-api CI build(s) 🔒 🤖 ...
• Additional commits viewable in compare view

Updates anthropic from 0.102.0 to 0.107.1

Release notes

Sourced from anthropic's releases.

v0.107.1

0.107.1 (2026-06-07)

Full Changelog: v0.107.0...v0.107.1

Bug Fixes

• foundry: send x-api-key header for API-key auth (#62) (1338141), closes #1661

v0.107.0

0.107.0 (2026-06-06)

Full Changelog: v0.106.0...v0.107.0

Features

• api: small updates to Managed Agents types (72923f9)

v0.106.0

0.106.0 (2026-06-05)

Full Changelog: v0.105.2...v0.106.0

Features

• api: mark Claude Opus 4.1 as deprecated (85068cc)

Bug Fixes

• client: make Foundry client copy() and with_options() work (94146ac)
• transform schema: preserve $defs when schema root is a $ref (#1642) (fc58e06)

Chores

• internal: fix artifact url (a6ed0c4)
• internal: fix branch names (3b03370)
• internal: update private repo name (7dbcb05)

Documentation

• point security reports to Anthropic's HackerOne program (#10) (80f2c97)

v0.105.2

0.105.2 (2026-05-29)

Full Changelog: v0.105.1...v0.105.2

... (truncated)

Changelog

Sourced from anthropic's changelog.

0.107.1 (2026-06-07)

Full Changelog: v0.107.0...v0.107.1

Bug Fixes

• foundry: send x-api-key header for API-key auth (#62) (1338141), closes #1661

0.107.0 (2026-06-06)

Full Changelog: v0.106.0...v0.107.0

Features

• api: small updates to Managed Agents types (72923f9)

0.106.0 (2026-06-05)

Full Changelog: v0.105.2...v0.106.0

Features

• api: mark Claude Opus 4.1 as deprecated (85068cc)

Bug Fixes

• client: make Foundry client copy() and with_options() work (94146ac)
• transform schema: preserve $defs when schema root is a $ref (#1642) (fc58e06)

Chores

• internal: fix artifact url (a6ed0c4)
• internal: fix branch names (3b03370)
• internal: update private repo name (7dbcb05)

Documentation

• point security reports to Anthropic's HackerOne program (#10) (80f2c97)

0.105.2 (2026-05-29)

Full Changelog: v0.105.1...v0.105.2

0.105.1 (2026-05-29)

Full Changelog: v0.105.0...v0.105.1

... (truncated)

Commits

• 260e687 release: 0.107.1
• 49c5395 fix(foundry): send x-api-key header for API-key auth (#62)
• 4ceca72 release: 0.107.0
• 3a6f9d9 feat(api): small updates to Managed Agents types
• 6a70c9f release: 0.106.0
• 8fa41c8 codegen metadata
• 1f55325 Don't leak ANTHROPIC_API_KEY to the Foundry endpoint (#18)
• a94498c fix(client): make Foundry client copy() and with_options() work
• 907d849 chore(internal): fix artifact url
• 9676a5d docs: point security reports to Anthropic's HackerOne program (#10)
• Additional commits viewable in compare view

Updates numpy from 2.4.5 to 2.4.6

Release notes

Sourced from numpy's releases.

v2.4.6 (May 18, 2026)

NumPy 2.4.6 Release Notes

NumPy 2.4.6 is a quick release that fixes a regression discovered in the 2.4.5 release.

This release supports Python versions 3.11-3.14

Contributors

A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• !EarlMilktea
• Charles Harris
• Sebastian Berg
• Warren Weckesser

Pull requests merged

A total of 4 pull requests were merged for this release.

• #31444: MAINT: Prepare 2.4.x for further development
• #31453: BUG: Fix regression in arr.conj()
• #31459: BUG: np.linalg.svd(..., hermitian=True) returns non-unitary...
• #31460: BUG: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator...

Commits

• b832a09 Merge pull request #31462 from charris/prepare-2.4.6
• 57cc147 REL: Prepare for the NumPy 2.4.6 release
• 0c72b0b Merge pull request #31459 from charris/backport-31347
• 9778d26 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
• e0e3876 BUG: core: Don't call INCREF/DECREF on descr in NpyStringAcquireAllocator. (#...
• d1bffeb BUG: np.linalg.svd(..., hermitian=True) returns non-unitary vh (#31347)
• 8d8d7e5 Merge pull request #31453 from seberg/issue-31452
• bddaab7 BUG: Fix regression in arr.conj()
• 37a1ecc Merge pull request #31444 from charris/begin-2.4.6
• 3c0e043 MAINT: Prepare 2.4.x for further development
• See full diff in compare view

Updates soundfile from 0.13.1 to 0.14.0

Release notes

Sourced from soundfile's releases.

0.14.0

Thank you GesonAnko, Trevor Gamblin, Andreas Karatzas, Harish RS, Hunter Hogan

• Added type annotations
• Added Licensing note to wheel
• Fixed race condition when opening files concurrently
• Fixed regressions in test suite
• Removed support for Python <= 3.9
• Added ARM64 support for Windows

Commits

• 3162358 Merge pull request #489 from bastibe/windows-platform
• d026abe Merge pull request #486 from ngoldbaum/thread-safety-docs
• a2a5acb increment version number
• f0648be platform selection fixed for Windows
• 1688c02 Add readme section on thread safety
• 971db39 Merge pull request #482 from hunterhogan/v310
• f0848b1 fixup! update to Python >=3.10 syntax
• 1139841 Remove overload definitions.
• 0f9646c one overload definition per line. add | AudioData_2d to out parameter of ...
• 84f4332 add overload to blocks() and SoundFile.blocks()
• Additional commits viewable in compare view

Updates torchcodec from 0.12.0 to 0.14.0

Release notes

Sourced from torchcodec's releases.

TorchCodec 0.14

TorchCodec 0.14 is out! It is compatible with torch >= 2.11. It comes with two major additions: a fast audio WavDecoder, and support for HDR video decoding!

Fast wav decoder

TorchCodec now has a dedicated WavDecoder for decoding WAV files. It bypasses FFmpeg entirely and reads WAV data directly, resulting in significantly faster decoding. It supports multiple sample formats (int16, int32, float32, etc.), and can decode from files, bytes, or file-like objects.

from torchcodec.decoders import WavDecoder
decoder = WavDecoder("audio.wav")
samples = decoder.get_all_samples()  # AudioSamples with data and sample_rate

Read more in our docs.

HDR Video Decoding

VideoDecoder now supports HDR (High Dynamic Range) video decoding without losing precisio. When output_dtype=torch.float32 is specified, the decoder outputs RGB float32 frames in [0, 1], preserving the full HDR color range. This is supported for both CPU and CUDA!

import torch
from torchcodec.decoders import VideoDecoder
decoder = VideoDecoder("hdr_video.mp4", output_dtype=torch.float32)
frame = decoder[0]  # Full HDR precision in float32

Read more in our docs.

⚠️ This feature is in beta stage, so behavior may slightly change depending on user feedback. Let us know if you encounter any issue!

Other Improvements

• Improved audio seeking: AudioDecoder seeking is now much faster (#1449)
• Dropped NPP dependency: TorchCodec no longer depends on NVIDIA's NPP library, which will simplify installing and using TorchCodec for CUDA decoding.

Bug Fixes

• Fix a rare crash scenario during process teardown with the CUDA decoder (#1441)
• Fix CUDA decoding of videos with odd dimensions(#1462)

TorchCodec 0.13

TorchCodec 0.13 is out! It is compatible with torch >= 2.11, and it is packed with new features.

Multi-stream iterative Encoder

This release comes with a new major feature: the multi-stream Encoder! The Encoder supports multiple streams and incremental encoding. Frames and samples can be added progressively, which is useful when data is generated on-the-fly or when encoding both audio and video into the same container.

</tr></table> 

... (truncated)

Commits

• 9f9ed92 Prepare release 0.14 (#1477)
• 513d73b Skip some tests on FFmpeg 5 (#1469)
• f3b5983 Add tutorial for HDR videos and output_dtype param (#1476)
• 19f1202 Add benchmark for WavDecoder (#1474)
• 5883447 Expose WavDecoder and add docstrings (#1472)
• 2ab858e Update current version to 0.14 alpha (#1473)
• 301f2ef Trigger doc build job on stable release tag push - not just on RCs (#1471)
• 0e71f59 Reduce size of built docs (#1470)
• 54c4091 Fix Windows CUDA builds, maybe (#1468)
• fbed048 Refactor AVIO context holders (#1464)
• Additional commits viewable in compare view

Updates pytest-asyncio from 1.3.0 to 1.4.0

Release notes

Sourced from pytest-asyncio's releases.

pytest-asyncio v1.4.0

1.4.0 - 2026-05-26

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)
• Updated minimum supported pytest version to v8.4.0. (#1397)

Fixed

• Fixed a ResourceWarning: unclosed event loop warning that could occur when a synchronous test called asyncio.run() or otherwise unset the current event loop after pytest-asyncio had run an async test or fixture. (#724)

Notes for Downstream Packagers

• Added dependency on sphinx-tabs >= 3.5 to organize documentation examples into tabs. (#1395)

pytest-asyncio v1.4.0a2

1.4.0a2 - 2026-05-02

Deprecated

• Overriding the event_loop_policy fixture is deprecated. Use the pytest_asyncio_loop_factories hook instead. (#1419)

Added

• Added the pytest_asyncio_loop_factories hook to parametrize asyncio tests with custom event loop factories.

  The hook returns a mapping of factory names to loop factories, and pytest.mark.asyncio(loop_factories=[...]) selects a subset of configured factories per test. When a single factory is configured, test names are unchanged on pytest 8.4+.

  Synchronous @pytest_asyncio.fixture functions now see the correct event loop when custom loop factories are configured, even when test code disrupts the current event loop (e.g., via asyncio.run() or asyncio.set_event_loop(None)). (#1164)

Changed

• Improved the readability of the warning message that is displayed when asyncio_default_fixture_loop_scope is unset (#1298)
• Only import asyncio.AbstractEventLoopPolicy for type checking to avoid raising a DeprecationWarning. (#1394)

... (truncated)

Commits

• 6e14cd2 chore: Prepare release of v1.4.0.
• 4b900fb Build(deps): Bump codecov/codecov-action from 6.0.0 to 6.0.1
• ab9f632 Build(deps): Bump zipp from 3.23.1 to 4.1.0
• a56fc77 Build(deps): Bump hypothesis from 6.152.6 to 6.152.8
• e8bae9b Build(deps): Bump requests from 2.34.0 to 2.34.2
• fc43340 Build(deps): Bump idna from 3.14 to 3.15
• 762eaf5 Build(deps): Bump jaraco-functools from 4.4.0 to 4.5.0
• b62e222 Build(deps): Bump click from 8.3.3 to 8.4.0
• 9190447 Build(deps): Bump pydantic from 2.13.3 to 2.13.4
• 82a393c ci: Remove unnecessary debug output.
• Additional commits viewable in compare view

Updates ruff from 0.15.13 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

0.15.15

... (truncated)

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

---

^{Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.}

[dependabot]

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml