Bump the production-dependencies group with 5 updates

[dependabot]

⚠️ Dependabot is rebasing this PR ⚠️

Rebasing might not happen immediately, so don't worry if this takes some time.

Note: if you make any changes to this PR yourself, they will take precedence over the rebase.

---

Bumps the production-dependencies group with 5 updates:

Package	From	To
cachetools	6.2.4	6.2.6
multiprocess	0.70.18	0.70.19
numpy	2.4.0	2.4.2
scipy	1.16.3	1.17.0
tomli	2.3.0	2.4.0

Updates cachetools from 6.2.4 to 6.2.6

Changelog

Sourced from cachetools's changelog.

v6.2.6 (2026-01-27)

• Improve typedkey performance.

• Minor documentation improvements.

• Minor testing improvements.

• Minor code readability improvements.

v6.2.5 (2026-01-25)

• Improve documentation regarding @cachedmethod with lock parameter.

• Add test cases for cache stampede scenarios.

• Update CI environment.

Commits

• 318ed71 Release v6.2.6.
• 48443ff Fix Cache.popitem test.
• 709819c Fix test method naming.
• 68e4b9c Minor documentation improvements.
• 8ee4015 Minor code readability improvements.
• ea47f99 Improve typedkey performance.
• 7158a30 Release v6.2.5.
• c9e3e26 Fix #379: Improve @​cachedmethod example by using a lock.
• d99c023 Bump copyright year.
• 5a87ee0 Add test cases for cache stampede scenarios.
• Additional commits viewable in compare view

Updates multiprocess from 0.70.18 to 0.70.19

Commits

• 136e2a6 tag: 0.70.19
• cd45c1a travis use noble, 3.15t, 3.14, coverage on 3.10 (#247)
• 7c8b7e5 increase short timeout in test_interrupt (#246)
• 8db0ee8 sync with python3.15.0a5 (#245)
• 12ac8a3 Bump urllib3 from 2.6.0 to 2.6.3 in /docs (#243)
• c7bcec1 sync with rtfd 15.10.0 (#244)
• eecf5d1 update copyright for 2026, urllib3 to 2.6.0 (#242)
• 56eca89 sync with python 3.15.0a3 (#241)
• 319afc2 sync with 3.13.11 and 3.14.2 (#240)
• 8361d28 sync with python 3.15.0a2 (#238)
• Additional commits viewable in compare view

Updates numpy from 2.4.0 to 2.4.2

Release notes

Sourced from numpy's releases.

2.4.1 (Jan 10, 2026)

NumPy 2.4.1 Release Notes

The NumPy 2.4.1 is a patch release that fixes bugs discoved after the 2.4.0 release. In particular, the typo SeedlessSequence is preserved to enable wheels using the random Cython API and built against NumPy < 2.4.0 to run without errors.

This release supports Python versions 3.11-3.14

Contributors

A total of 9 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Alexander Shadchin
• Bill Tompkins +
• Charles Harris
• Joren Hammudoglu
• Marten van Kerkwijk
• Nathan Goldbaum
• Raghuveer Devulapalli
• Ralf Gommers
• Sebastian Berg

Pull requests merged

A total of 15 pull requests were merged for this release.

• #30490: MAINT: Prepare 2.4.x for further development
• #30503: DOC: numpy.select: fix default parameter docstring...
• #30504: REV: Revert part of #30164 (#30500)
• #30506: TYP: numpy.select: allow passing array-like default...
• #30507: MNT: use if constexpr for compile-time branch selection
• #30513: BUG: Fix leak in flat assignment iterator
• #30516: BUG: fix heap overflow in fixed-width string multiply (#30511)
• #30523: BUG: Ensure summed weights returned by np.average always are...
• #30527: TYP: Fix return type of histogram2d
• #30594: MAINT: avoid passing ints to random functions that take double...
• #30595: BLD: Avoiding conflict with pygit2 for static build
• #30596: MAINT: Fix msvccompiler missing error on FreeBSD
• #30608: BLD: update vendored Meson to 1.9.2
• #30620: ENH: use more fine-grained critical sections in array coercion...
• #30623: BUG: Undo result type change of quantile/percentile but keep...

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

• Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.
• You can use the keyring app to store the PyPI password for twine. See the online twine documentation for details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Commits

• c81c49f Merge pull request #30757 from charris/prepare-2.4.2
• b3ae9c5 REL: Prepare for the NumPy 2.4.2 release
• 9de8984 Merge pull request #30737 from mattip/scipy-openblas-backport
• b7be329 backport scipy-openblas version change
• 7ff9863 Merge pull request #30736 from charris/backport-30667
• 431fffb MAINT: Skip tests that require buffer.
• 127235f BUG: fix thread safety of array_getbuffer (#30667)
• 18bdb2e Merge pull request #30713 from charris/backport-30710
• 41dd751 Merge pull request #30712 from charris/backport-30705
• 7a278da BUG: Fixup the quantile promotion fixup
• Additional commits viewable in compare view

Updates scipy from 1.16.3 to 1.17.0

Release notes

Sourced from scipy's releases.

SciPy 1.17.0 Release Notes

SciPy 1.17.0 is the culmination of 6 months of hard work. It contains many new features, numerous bug-fixes, improved test coverage and better documentation. There have been a number of deprecations and API changes in this release, which are documented below. All users are encouraged to upgrade to this release, as there are a large number of bug-fixes and optimizations. Before upgrading, we recommend that users check that their own code does not use deprecated SciPy functionality (to do so, run your code with python -Wd and check for DeprecationWarning s). Our development attention will now shift to bug-fix releases on the 1.17.x branch, and on adding new features on the main branch.

This release requires Python 3.11-3.14 and NumPy 1.26.4 or greater.

Highlights of this release

• Many SciPy functions have gained native support for batching of N-dimensional array input and additional support for the array API standard. An overall summary of the latter is now available in a set of tables.
• In scipy.sparse, coo_array now supports indexing. This includes integers, slices, arrays, np.newaxis, Ellipsis, in 1D, 2D and the relatively new nD. In scipy.sparse.linalg, ARPACK and PROPACK rewrites from Fortran77 to C now empower the use of external pseudorandom number generators, e.g. from numpy.
• In scipy.spatial, transform.Rotation and transform.RigidTransform have been extended to support N-D arrays. geometric_slerp now has support for extrapolation.
• scipy.stats has gained the matrix t and logistic distributions and many performance and accuracy improvements.
• Initial support for 64-bit integer (ILP64) BLAS and LAPACK libraries has been added, including for MKL and Apple Accelerate. Please report any issues with ILP64 you encounter.

New features

scipy.integrate improvements

• The integration routines dopri5, dopri853, LSODA, vode, and zvode have been ported from Fortran77 to C.
• scipy.integrate.quad now has a fast path for returning 0 when the integration interval is empty.
• The BDF, DOP853, RK23, RK45, OdeSolver, DenseOutput, ode, and complex_ode classes now support subscription, making them generic types, for compatibility with scipy-stubs.

... (truncated)

Commits

• 8c75ae7 REL: 1.17.0 "final" release commit [wheel build]
• 9d7f110 Merge pull request #24298 from tylerjereddy/treddy_prep_1.17.0_final
• 94373b6 MAINT: test wheels [wheel build]
• 723f4e2 DOC: update 1.17.0 relnotes
• bf042f0 CI: ensure we use pinned scipy-openblas version also in ILP64 job
• 3e00a04 CI: fix issue with ILP64 job; point to fixed numpy/meson commit
• 39bceab BUG: stats: fix va_args memory corruption bug
• 8f56387 DOC: update 1.17.0 release notes
• c50e9c0 Merge pull request #24304 from ev-br/edit_relnotes_for_ILP64
• b204495 DOC: clarify ILP64 support caveats in the release notes, remove mentions of O...
• Additional commits viewable in compare view

Updates tomli from 2.3.0 to 2.4.0

Changelog

Sourced from tomli's changelog.

2.4.0

• Added
  • TOML v1.1.0 compatibility
  • Binary wheels for Windows arm64

Commits

• a678e6f Bump version: 2.3.0 → 2.4.0
• b8a1358 Tests: remove now needless "TOML compliance"->"burntsushi" format conversion
• 4979375 Update GitHub actions
• f890dd1 Update pre-commit hooks
• d9c65c3 Add 2.4.0 change log
• 0efe49d Update README for v2.4.0
• 9eb2125 TOML 1.1: Make seconds optional in Date-Time and Time (#203)
• 12314bd TOML 1.1: Add \xHH Unicode escape code to basic strings (#202)
• 2a2aa62 TOML 1.1: Allow newlines and trailing comma in inline tables (#200)
• 38297f8 Xfail on tests for TOML 1.1 features not yet supported
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud