Skip to content

chore(deps): bump the py-dependencies group across 1 directory with 3 updates#41

Closed
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/fraud-detection/py-dependencies-2235f542c0
Closed

chore(deps): bump the py-dependencies group across 1 directory with 3 updates#41
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/fraud-detection/py-dependencies-2235f542c0

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Feb 1, 2026
edited
Loading

Updates the requirements on pandas, scikit-learn and xgboost to permit the latest version.
Updates pandas to 3.0.0

Release notes

Sourced from pandas's releases.

pandas 3.0.0

We are pleased to announce the release of pandas 3.0.0, a major release from the pandas 2.x series. This release includes various new features, bug fixes, and performance improvements, as well as possible breaking changes.

The pandas 3.0 release removed a functionality that was deprecated in previous releases. It is recommended to first upgrade to pandas 2.3 and to ensure your code is working without warnings, before upgrading to pandas 3.0.

Highlights include:

See the announcement blog post and the detailed release notes for a list of all the changes.

Pandas 3.0.0 supports Python 3.11 and higher. The release can be installed from PyPI

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits
  • 366ccdf RLS: 3.0.0
  • 139f4d0 DOC: split/reorder other enhancements section in 3.0.0 whatsnew notes (#63762)
  • fd2a4f4 TST: assert reading of legacy pickles against current data (#61792)
  • cc0bcaa DOC: update whatsnew section on datetimelike resolution (#63780)
  • 3ddbb49 DOC: remove 2.3.4 whatsnew file from released 3.0 docs (#63779)
  • ee63532 CLN: Create temporary HDF5 file path and HDFStore for pytables tests (#63492)
  • 9512e99 CoW: better chained assignment warning message for update() method (#63500)
  • 1db90d5 API: rename read_iceberg selected_fields keyword to columns (#63748)
  • c9b51fa BUG: .str methods failing on PyArrow using regex with \Z (#63705)
  • 7cff0f4 API: Period.to_timestamp default to microsecond unit (#63760)
  • Additional commits viewable in compare view

Updates scikit-learn to 1.8.0

Release notes

Sourced from scikit-learn's releases.

Release 1.8.0

We're happy to announce the 1.8.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_8_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.8.html

This version supports Python versions 3.11 to 3.14 and features support of free-threaded CPython.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn
Commits
  • 646da0f [cd build]
  • 4f4f283 Generate changelog
  • 967dcde Set version
  • cb1424b DOC Release highlights for 1.8 (#32809)
  • 5645b27 🔒 🤖 CI Update lock files for main CI build(s) 🔒 🤖 (#32859)
  • 6b9fb11 🔒 🤖 CI Update lock files for free-threaded CI build(s) 🔒 :rob...
  • a0f6d88 🔒 🤖 CI Update lock files for array-api CI build(s) 🔒 🤖 ...
  • c1de8fc FIX Make get_namespace handle pandas dataframe input (#32838)
  • 764249a Fix _safe_indexing with non integer arrays on array API inputs (#32840)
  • eca5e0a FIX Add new default max_samples=None in Bagging estimators (#32825)
  • Additional commits viewable in compare view

Updates xgboost to 3.1.3

Release notes

Sourced from xgboost's releases.

3.1.3 Patch Release

What's Changed

  • Scikit-learn 1.8 compatibility fix (#11858)
  • Add ARM CUDA wheels for PyPI. (#11827) Add nccl as dep for aarch64. (#11753)
  • [R] Fix off-by-one bug: nrounds=0 resulted in 2 iterations #11856
  • [R] Fix mingw warnings, winbuilder check warnings, memory safety issues. (#11859, #11847, #11830, #11906)
  • Avoid overflow in rounding estimation. (#11910)
  • Workaround compiler issue on Windows, affects the use of max_delta_step with CUDA. (#11916)

Full Changelog: dmlc/xgboost@v3.1.2...v3.1.3

Additional artifacts:

You can verify the downloaded packages by running the following command on your Unix shell:

echo "<hash> <artifact>" | shasum -a 256 --check
67800a7c1c0455c22c9be73dbf3c39bfd9ac9627b2cb617eb2795fd675a9d49e  xgboost-src-3.1.3.tar.gz
f3586dc2da415bba7c3a632b290d653b74eea0caf2ea9e8ffb488cacb57a1dcf  xgboost_r_gpu_linux.tar.gz

Experimental binary packages for R with CUDA enabled

  • xgboost_r_gpu_linux_3.1.3.tar.gz: Download

Source tarball

Changelog

Sourced from xgboost's changelog.

XGBoost Change Log

Starting from 2.1.0, release note is recorded in the documentation.

This file records the changes in xgboost library in reverse chronological order.

2.0.0 (2023 Aug 16)

We are excited to announce the release of XGBoost 2.0. This note will begin by covering some overall changes and then highlight specific updates to the package.

Initial work on multi-target trees with vector-leaf outputs

We have been working on vector-leaf tree models for multi-target regression, multi-label classification, and multi-class classification in version 2.0. Previously, XGBoost would build a separate model for each target. However, with this new feature that's still being developed, XGBoost can build one tree for all targets. The feature has multiple benefits and trade-offs compared to the existing approach. It can help prevent overfitting, produce smaller models, and build trees that consider the correlation between targets. In addition, users can combine vector leaf and scalar leaf trees during a training session using a callback. Please note that the feature is still a working in progress, and many parts are not yet available. See #9043 for the current status. Related PRs: (#8538, #8697, #8902, #8884, #8895, #8898, #8612, #8652, #8698, #8908, #8928, #8968, #8616, #8922, #8890, #8872, #8889, #9509) Please note that, only the hist (default) tree method on CPU can be used for building vector leaf trees at the moment.

New device parameter.

A new device parameter is set to replace the existing gpu_id, gpu_hist, gpu_predictor, cpu_predictor, gpu_coord_descent, and the PySpark specific parameter use_gpu. Onward, users need only the device parameter to select which device to run along with the ordinal of the device. For more information, please see our document page (https://xgboost.readthedocs.io/en/stable/parameter.html#general-parameters) . For example, with device="cuda", tree_method="hist", XGBoost will run the hist tree method on GPU. (#9363, #8528, #8604, #9354, #9274, #9243, #8896, #9129, #9362, #9402, #9385, #9398, #9390, #9386, #9412, #9507, #9536). The old behavior of gpu_hist is preserved but deprecated. In addition, the predictor parameter is removed.

hist is now the default tree method

Starting from 2.0, the hist tree method will be the default. In previous versions, XGBoost chooses approx or exact depending on the input data and training environment. The new default can help XGBoost train models more efficiently and consistently. (#9320, #9353)

GPU-based approx tree method

There's initial support for using the approx tree method on GPU. The performance of the approx is not yet well optimized but is feature complete except for the JVM packages. It can be accessed through the use of the parameter combination device="cuda", tree_method="approx". (#9414, #9399, #9478). Please note that the Scala-based Spark interface is not yet supported.

Optimize and bound the size of the histogram on CPU, to control memory footprint

XGBoost has a new parameter max_cached_hist_node for users to limit the CPU cache size for histograms. It can help prevent XGBoost from caching histograms too aggressively. Without the cache, performance is likely to decrease. However, the size of the cache grows exponentially with the depth of the tree. The limit can be crucial when growing deep trees. In most cases, users need not configure this parameter as it does not affect the model's accuracy. (#9455, #9441, #9440, #9427, #9400).

Along with the cache limit, XGBoost also reduces the memory usage of the hist and approx tree method on distributed systems by cutting the size of the cache by half. (#9433)

Improved external memory support

There is some exciting development around external memory support in XGBoost. It's still an experimental feature, but the performance has been significantly improved with the default hist tree method. We replaced the old file IO logic with memory map. In addition to performance, we have reduced CPU memory usage and added extensive documentation. Beginning from 2.0.0, we encourage users to try it with the hist tree method when the memory saving by QuantileDMatrix is not sufficient. (#9361, #9317, #9282, #9315, #8457)

Learning to rank

We created a brand-new implementation for the learning-to-rank task. With the latest version, XGBoost gained a set of new features for ranking task including:

  • A new parameter lambdarank_pair_method for choosing the pair construction strategy.
  • A new parameter lambdarank_num_pair_per_sample for controlling the number of samples for each group.
  • An experimental implementation of unbiased learning-to-rank, which can be accessed using the lambdarank_unbiased parameter.
  • Support for custom gain function with NDCG using the ndcg_exp_gain parameter.
  • Deterministic GPU computation for all objectives and metrics.
  • NDCG is now the default objective function.
  • Improved performance of metrics using caches.
  • Support scikit-learn utilities for XGBRanker.
  • Extensive documentation on how learning-to-rank works with XGBoost.

For more information, please see the tutorial. Related PRs: (#8771, #8692, #8783, #8789, #8790, #8859, #8887, #8893, #8906, #8931, #9075, #9015, #9381, #9336, #8822, #9222, #8984, #8785, #8786, #8768)

Automatically estimated intercept

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
chore(deps): bump the py-dependencies group across 1 directory with 3…
dbead2d 
… updates

Updates the requirements on [pandas](https://github.com/pandas-dev/pandas), [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [xgboost](https://github.com/dmlc/xgboost) to permit the latest version.

Updates `pandas` to 3.0.0
- [Release notes](https://github.com/pandas-dev/pandas/releases)
- [Commits](pandas-dev/pandas@v2.3.3...v3.0.0)

Updates `scikit-learn` to 1.8.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.7.2...1.8.0)

Updates `xgboost` to 3.1.3
- [Release notes](https://github.com/dmlc/xgboost/releases)
- [Changelog](https://github.com/dmlc/xgboost/blob/master/NEWS.md)
- [Commits](dmlc/xgboost@v3.1.0...v3.1.3)

---
updated-dependencies:
- dependency-name: pandas
  dependency-version: 3.0.0
  dependency-type: direct:production
  dependency-group: py-dependencies
- dependency-name: scikit-learn
  dependency-version: 1.8.0
  dependency-type: direct:production
  dependency-group: py-dependencies
- dependency-name: xgboost
  dependency-version: 3.1.3
  dependency-type: direct:production
  dependency-group: py-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 1, 2026
@dependabot @github
Copy link
Copy Markdown
Contributor Author

dependabot bot commented on behalf of github Mar 1, 2026

Superseded by #42.

@dependabot dependabot bot closed this Mar 1, 2026
@dependabot dependabot bot deleted the dependabot/pip/fraud-detection/py-dependencies-2235f542c0 branch March 1, 2026 10:56
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants