Bump the all-minor-and-patch-dependency-updates group with 3 updates

[dependabot]

Bumps the all-minor-and-patch-dependency-updates group with 3 updates: click, ray and bandit.

Updates click from 8.1.8 to 8.3.1

Release notes

Sourced from click's releases.

8.3.1

This is the Click 8.3.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.3.1/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-1 Milestone: https://github.com/pallets/click/milestone/28

• Don't discard pager arguments by correctly using subprocess.Popen. #3039 #3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. #3066 #3065 #3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. #3071 #3079
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. #3019 #3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. #3069 #3090
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. #3136 #3137

8.3.0

This is the Click 8.3.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecation, or introduce potentially breaking changes.

We encourage everyone to upgrade. You can read more about our Version Support Policy on our website.

PyPI: https://pypi.org/project/click/8.3.0/ Changes: https://click.palletsprojects.com/page/changes/#version-8-3-0 Milestone https://github.com/pallets/click/milestone/27

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: #1992 #2514 #2610 #3024 #3030

• Allow default to be set on Argument for nargs = -1. #2164 #3030

• Show correct auto complete value for nargs option in combination with flag option #2813

• Show correct auto complete value for nargs option in combination with flag option #2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. #2995 #3013

• Lazily import shutil. #3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). #2447 #3058

• Fix regression related to EOF handling in CliRunner. #2939 #2940

8.2.2

This is the Click 8.2.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/click/8.2.2/

... (truncated)

Changelog

Sourced from click's changelog.

Version 8.3.1

Released 2025-11-15

• Don't discard pager arguments by correctly using subprocess.Popen. :issue:3039 :pr:3055
• Replace Sentinel.UNSET default values by None as they're passed through the Context.invoke() method. :issue:3066 :issue:3065 :pr:3068
• Fix conversion of Sentinel.UNSET happening too early, which caused incorrect behavior for multiple parameters using the same name. :issue:3071 :pr:3079
• Hide Sentinel.UNSET values as None when looking up for other parameters through the context inside parameter callbacks. :issue:3136 :pr:3137
• Fix rendering when prompt and confirm parameter prompt_suffix is empty. :issue:3019 :pr:3021
• When Sentinel.UNSET is found during parsing, it will skip calls to type_cast_value. :issue:3069 :pr:3090

Version 8.3.0

Released 2025-09-17

• Improved flag option handling: Reworked the relationship between flag_value and default parameters for better consistency:

  • The default parameter value is now preserved as-is and passed directly to CLI functions (no more unexpected transformations)
  • Exception: flag options with default=True maintain backward compatibility by defaulting to their flag_value
  • The default parameter can now be any type (bool, None, etc.)
  • Fixes inconsistencies reported in: :issue:1992 :issue:2514 :issue:2610 :issue:3024 :pr:3030

• Allow default to be set on Argument for nargs = -1. :issue:2164 :pr:3030

• Show correct auto complete value for nargs option in combination with flag option :issue:2813

• Fix handling of quoted and escaped parameters in Fish autocompletion. :issue:2995 :pr:3013

• Lazily import shutil. :pr:3023

• Properly forward exception information to resources registered with click.core.Context.with_resource(). :issue:2447 :pr:3058

• Fix regression related to EOF handling in CliRunner. :issue:2939 :pr:2940

Version 8.2.2

Released 2025-07-31

• Fix reconciliation of default, flag_value and type parameters for flag options, as well as parsing and normalization of environment variables.

... (truncated)

Commits

• 1d038f2 release version 8.3.1
• 03f3889 Fix Ruff UP038 warning (#3141)
• 3867781 Fix Ruff UP038 warning
• b91bb95 Provide altered context to callbacks to hide UNSET values as None (#3137)
• 437e1e3 Temporarily provide a fake context to the callback to hide UNSET values as ...
• ea70da4 Don't test using a file in docs/ (#3102)
• e27b307 Make uv run --all-extras pyright --verifytypes click pass (#3072)
• a92c573 Fix test_edit to work with BSD sed (#3129)
• bd131e1 Fix test_edit to work with BSD sed
• 0b5c6b7 Add Best practices section (#3127)
• Additional commits viewable in compare view

Updates ray from 2.53.0 to 2.54.0

Release notes

Sourced from ray's releases.

Ray-2.54.0

Ray Data

🎉 New Features

• Add checkpointing support to Ray Data (#59409)
• Compute Expressions: list operations (#59346), fixed-size arrays (#58741), string padding (#59552), logarithmic (#59549), trigonometric (#59712), arithmetic (#59678), and rounding (#59295)
• Add sql_params support to read_sql (#60030)
• Add AsList aggregation (#59920)
• Support CountDistinct aggregate (#59030)
• Add credential provider abstraction for Databricks UC datasource (#60457)
• Support callable classes for UDFExpr (#56725)
• Add autoscaler metrics to Data Dashboard (#60472)
• Add optional filesystem parameter to download expression (#60677)
• Allow specifying partitioning style or flavor in write_parquet() (#59102)
• New cluster autoscaler enabled by default (#60474)

💫 Enhancements

• Improve numerical stability in scalers by handling near-zero values (#60488)
• Export dataset operator output schema to event logger (#60086)
• Iceberg: add retry policy for Storage + Catalog writes (#60620)
• Iceberg: remove calls to Catalog Table in write tasks (#60476)
• Expose logical operators and rules via package exports (#60297, #60296)
• Demote Sort from requiring preserve_order (#60555)
• Improve appearance of repr(dataset) (#59631)
• Allow configuring DefaultClusterAutoscalerV2 thresholds via env vars (#60133)
• Use Arrow IPC for Arrow Schema serialization/deserialization (#60195)
• Store _source_paths in object store to prevent excessive spilling during read task serialization (#59999)
• Add more shuffle fusion rules (#59985)
• Enable and tune DownstreamCapacityBackpressurePolicy (#59753)
• Enable concurrency cap backpressure with tuning (#59392)
• Set default actor pool scale up threshold to 1.75 (#59512)
• Don't downscale actors if the operator hasn't received any inputs (#59883)
• Don't reserve GPU budget for non-GPU tasks (#59789)
• Only return selected data columns in hive-partitioned Parquet files (#60236)
• Ordered + FIFO bundle queue (#60228)
• Add node_id, pid, attempt number for hanging tasks (#59793)
• Revise resource allocator task scheduling to factor in pending task outputs (#60639)
• Track block serialization time (#60574)
• Use metrics from OpRuntimeMetrics for progress (#60304)
• Tabular form for streaming executor op metrics (#59774)
• Info-log cluster scale-up decisions (#60357)
• Use plain mode instead of grid mode for OpMetrics logging (#59907)
• Progress reporting refactors (#59350, #59629, #59880)
• Remove deprecated TENSOR_COLUMN_NAME constant (#60573)
• Remove meta_provider parameter (#60379)
• Decouple Ray Train from Ray Data by removing top-level ray.data imports (#60292)
• Move extension types to ray.data (#59420)
• Skip upscaling validation warning for fixed-size actor pools (#60569)

... (truncated)

Commits

• 48bd1f8 [data] revert "continue grabbing task state until response is not None" (#61066)
• 165b4aa [Data][Cherry-pick] Fixed min_scheduling_resources to fallback to incremental...
• 6835277 [rllib] disable failing tests that are not release blocking (#60933)
• f8e1102 [Core] Fix test_failed_task_runtime_env_setup failure on windows (#60852) (#6...
• 620214f [RLlib] Fix _test_dependency_torch (#60742) (#60888)
• 5d2115c cherrypick part of #60887 (#60897)
• e94871d [Data][Cherry-pick] Prevent Limit from getting pushed past map_groups (#6...
• a77457b [Data] Fixing ReservationOpResourceAllocator to properly borrow resources f...
• 0f27a3a [Serve] Video analysis example fix (#60784) (#60871)
• 1b1a9bd [Data] Fixing output backpressure unblocking sequence to properly handle term...
• Additional commits viewable in compare view

Updates bandit from 1.9.3 to 1.9.4

Release notes

Sourced from bandit's releases.

1.9.4

What's Changed

• chore: fixed some typos in comments by @​jakob1379 in PyCQA/bandit#1351
• Bump docker/login-action from 3.6.0 to 3.7.0 by @​dependabot[bot] in PyCQA/bandit#1353
• Bump docker/build-push-action from 6.18.0 to 6.19.2 by @​dependabot[bot] in PyCQA/bandit#1357
• Fix B613 crash when reading from stdin by @​worksbyfriday in PyCQA/bandit#1361
• Include filename in nosec 'no failed test' warning by @​worksbyfriday in PyCQA/bandit#1363
• Fix B615 false positive when revision is set via variable by @​worksbyfriday in PyCQA/bandit#1358
• Lower version guard in check_ast_node to Python 3.12 by @​rcgray in PyCQA/bandit#1355
• Fix B106 reporting wrong line number on multiline function calls by @​worksbyfriday in PyCQA/bandit#1360

New Contributors

• @​jakob1379 made their first contribution in PyCQA/bandit#1351
• @​worksbyfriday made their first contribution in PyCQA/bandit#1361
• @​rcgray made their first contribution in PyCQA/bandit#1355

Full Changelog: PyCQA/bandit@1.9.3...1.9.4

Commits

• 92ae8b8 Fix B106 reporting wrong line number on multiline function calls (#1360)
• c8c8a55 Lower version guard in check_ast_node to Python 3.12 (#1355)
• 8f2f928 Fix B615 false positive when revision is set via variable (#1358)
• e27493f Include filename in nosec 'no failed test' warning (#1363)
• b69b336 Fix B613 crash when reading from stdin (#1361)
• e418b79 Bump docker/build-push-action from 6.18.0 to 6.19.2 (#1357)
• ff646fd Bump docker/login-action from 3.6.0 to 3.7.0 (#1353)
• c0def6c chore: fixed some typos in comments (#1351)
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.