chore(deps): bump the dependencies group across 1 directory with 8 updates

[dependabot]

Updates the requirements on opensearch-py, boto3, requests-aws4auth, streamlit, aws-cdk-lib, constructs, pandas and pyarrow to permit the latest version.
Updates opensearch-py from 3.1.0 to 3.2.0

Release notes

Sourced from opensearch-py's releases.

v3.2.0

What's Changed

• Bump actions/checkout from 5 to 6 by @​dependabot[bot] in opensearch-project/opensearch-py#986
• ci(linkchecker): remove exclude-mail option by @​florianvazelle in opensearch-project/opensearch-py#987
• change pool.close to pool.terminate by @​ekneg54 in opensearch-project/opensearch-py#981
• Bump codecov/codecov-action from 4 to 5 by @​dependabot[bot] in opensearch-project/opensearch-py#985
• Update pytest-asyncio requirement from <=1.2.0 to <=1.3.0 by @​dependabot[bot] in opensearch-project/opensearch-py#984
• Add ML Commons plugin doc by @​nathaliellenaa in opensearch-project/opensearch-py#992
• ci: fix mypy type ignore for untyped decorator in tests by @​florianvazelle in opensearch-project/opensearch-py#993
• Updated opensearch-py to reflect the latest OpenSearch API spec by @​opensearch-trigger-bot[bot] in opensearch-project/opensearch-py#994
• Bump actions/upload-artifact from 5 to 6 by @​dependabot[bot] in opensearch-project/opensearch-py#989
• Bump actions/download-artifact from 6 to 7 by @​dependabot[bot] in opensearch-project/opensearch-py#988
• Bump peter-evans/create-pull-request from 7 to 8 by @​dependabot[bot] in opensearch-project/opensearch-py#990
• fix(docs): use keyword arguments in security API examples by @​Pigueiras in opensearch-project/opensearch-py#1004
• Fix CI failures due to API spec updates by @​finnegancarroll in opensearch-project/opensearch-py#1007
• Bump opensearch protobufs - 1.2.0. by @​finnegancarroll in opensearch-project/opensearch-py#1000
• Fix AWSV4Signer.sign() not passing headers to AWSRequest by @​rbhatane in opensearch-project/opensearch-py#1035
• fix(signer): Include X-Amz-Content-SHA256 in SignedHeaders (#1038) by @​JiaxiChris in opensearch-project/opensearch-py#1039

New Contributors

• @​ekneg54 made their first contribution in opensearch-project/opensearch-py#981
• @​Pigueiras made their first contribution in opensearch-project/opensearch-py#1004
• @​rbhatane made their first contribution in opensearch-project/opensearch-py#1035
• @​JiaxiChris made their first contribution in opensearch-project/opensearch-py#1039

Full Changelog: opensearch-project/opensearch-py@v3.1.0...v3.2.0

Changelog

Sourced from opensearch-py's changelog.

[3.2.0]

Added

• Add dependency on opensearch-protobufs to provide client libraries for gRPC transport (#977)
• Add ML Commons plugin documentation (#992)

Updated APIs

• Updated opensearch-py APIs to reflect opensearch-api-specification@2954600

Changed

Deprecated

Removed

Fixed

• Fixed AWSV4Signer.sign() not passing custom headers to AWSRequest, causing x-amz-* headers to be excluded from SigV4 signature (#1034)
• Fixed AWSV4Signer.sign() not setting X-Amz-Content-SHA256 before SigV4Auth.add_auth(), causing the header to be absent from SignedHeaders in the Authorization header. The fix uses a guarded assignment that preserves caller-provided values (e.g., UNSIGNED-PAYLOAD, precomputed hashes) (#1038, #1039)
• Fixed the linkchecker CI step (#987)

Security

Dependencies

• Bump pytest-asyncio from <=1.2.0 to <=1.3.0 (#984)
• Bump actions/checkout from 5 to 6 (#986)
• Bump codecov/codecov-action from 4 to 5 (#985)
• Bump actions/upload-artifact from 5 to 6 (#989)
• Bump actions/download-artifact from 6 to 7 (#988)
• Bump peter-evans/create-pull-request from 7 to 8 (#990)
• Bump opensearch-protobufs from 0.19.0 to 1.2.0 (#1000)

Commits

• 8991792 fix(signer): Include X-Amz-Content-SHA256 in SignedHeaders (#1038) (#1039)
• d8a8c57 Fix AWSV4Signer.sign() not passing headers to AWSRequest (#1035)
• 6551595 Bump opensearch protobufs - 1.2.0. (#1000)
• 94ae310 Fix CI failures due to API spec updates (#1007)
• 1ce5b46 fix(docs): use keyword arguments in security API examples (#1004)
• 9b6d240 Bump peter-evans/create-pull-request from 7 to 8 (#990)
• 02c5dcc Bump actions/download-artifact from 6 to 7 (#988)
• fa8a862 Bump actions/upload-artifact from 5 to 6 (#989)
• f5ef694 Updated opensearch-py to reflect the latest OpenSearch API spec (2026-01-22) ...
• 10ab792 ci: fix mypy type ignore for untyped decorator in tests (#993)
• Additional commits viewable in compare view

Updates boto3 from 1.42.84 to 1.43.3

Commits

• bea693c Merge branch 'release-1.43.3'
• 1f57fdc Bumping version to 1.43.3
• ba69bd2 Add changelog entries from botocore
• 7dc336e Merge branch 'release-1.43.2'
• e240af8 Merge branch 'release-1.43.2' into develop
• 99fd421 Bumping version to 1.43.2
• 80f4db8 Add changelog entries from botocore
• be6bdf3 Bump pytest from 8.1.1 to 9.0.3 (#4782)
• 753bcab Merge branch 'release-1.43.1'
• 09f56f4 Merge branch 'release-1.43.1' into develop
• Additional commits viewable in compare view

Updates requests-aws4auth from 1.3.1 to 1.3.2

Release notes

Sourced from requests-aws4auth's releases.

v1.3.2

What's Changed

• Fix Deprecated datetime.datetime.utcnow(), #77 #78. Thanks @​andercarrera.
• Unit test and integration test updates, #78.

Full Changelog: tedder/requests-aws4auth@v1.3.1...v1.3.2

Changelog

Sourced from requests-aws4auth's changelog.

1.3.2 (2026-05-01)

Changes

• Fix Deprecated datetime.datetime.utcnow(), #77 #78. Thanks @​andercarrera.
• Unit test and integration test updates, #78.

Commits

• 3dda9dc history and version
• c9cd06a update py versions; use session token for live tests
• 6e58b3e fix additional deprecation warnings for UTC; ensure pre-py311 compat
• b7acfe8 Fix Deprecated datetime.datetime.utcnow()
• 89399ca update release instructions
• See full diff in compare view

Updates streamlit from 1.56.0 to 1.57.0

Release notes

Sourced from streamlit's releases.

1.57.0

What's Changed

Breaking Changes 🛠

• [feature] Make Starlette the default server and remove Tornado by @​lukasmasuch in streamlit/streamlit#14553
• [chore] Remove deprecated kwargs from plotly_chart and vega_lite_chart by @​lukasmasuch in streamlit/streamlit#14800
• [chore] Remove deprecated _get_websocket_headers function by @​lukasmasuch in streamlit/streamlit#14801
• [feature] Direct polars to arrow conversion bypassing pandas by @​lukasmasuch in streamlit/streamlit#14885

New Features 🎉

• [feature] Hide chevron for menu-style icon labels for st.menu_button and st.popover by @​lukasmasuch in streamlit/streamlit#14697
• [feature] Add pills, segmented_control properties and dataframe key to AppTest by @​lukasmasuch in streamlit/streamlit#14518
• [feature] Add title parameter to alert elements by @​lukasmasuch in streamlit/streamlit#14665
• [feat] Add :shimmer[] markdown directive for animated loading text by @​lukasmasuch in streamlit/streamlit#14055
• [feature] Expose App in the st namespace by @​lukasmasuch in streamlit/streamlit#14722
• Bundle OSS developing-with-streamlit core skills in pip package by @​sfc-gh-nbellante in streamlit/streamlit#14745
• [fix] Add border radius to video and map elements by @​lukasmasuch in streamlit/streamlit#14781
• [feature] Add secrets parameter to st.App by @​lukasmasuch in streamlit/streamlit#14861
• Add app and theme templates to bundled skills by @​sfc-gh-nbellante in streamlit/streamlit#14746
• [feature] Expose st.bottom container by @​lukasmasuch in streamlit/streamlit#14726

Bug Fixes 🐛

• [feature] Deduplicate equivalent file extensions in file uploader display by @​lukasmasuch in streamlit/streamlit#14552
• [fix] st.dataframe crash with pandas 3 ArrowStringArray by @​lukasmasuch in streamlit/streamlit#14611
• fix(caching): chain original exception in UnserializableReturnValueError by @​mango766 in streamlit/streamlit#14655
• [fix] inconsistent space encoding in query params by @​sfc-gh-lwilby in streamlit/streamlit#14691
• [fix] Preserve None values in st.data_editor with pandas 3.0+ by @​lukasmasuch in streamlit/streamlit#14694
• [Fix] Add CSS Color Level 4 support by @​mayagbarnes in streamlit/streamlit#14674
• [fix] Evict namespace children when watched sources reload by @​sfc-gh-lwilby in streamlit/streamlit#14708
• [fix] Downcast large Arrow types in custom component v1 serialization by @​sfc-gh-nbellante in streamlit/streamlit#14617
• [fix] Retain st.radio selection for format_func and custom options by @​sfc-gh-lwilby in streamlit/streamlit#14815
• Fix bar_chart axis labels not swapping when horizontal=True by @​kmcgrady in streamlit/streamlit#14866
• [fix] st.text_area height='content' sizing on initial load by @​lukasmasuch in streamlit/streamlit#14884

Other Changes

• [chore] Update emojis/material icons by @​github-actions[bot] in streamlit/streamlit#14576
• [chore] Release v1.56.0 by @​github-actions[bot] in streamlit/streamlit#14598
• Docs for dataframe programmatic selections by @​MathCatsAnd in streamlit/streamlit#14616
• [chore] Update emojis/material icons by @​github-actions[bot] in streamlit/streamlit#14649
• [chore] Update emojis/material icons by @​github-actions[bot] in streamlit/streamlit#14752
• [chore] Update emojis/material icons by @​github-actions[bot] in streamlit/streamlit#14869
• Docs for audio and video columns by @​MathCatsAnd in streamlit/streamlit#14628

New Contributors

• @​dagecko made their first contribution in streamlit/streamlit#14554
• @​mango766 made their first contribution in streamlit/streamlit#14655
• @​sfc-gh-wschmitt made their first contribution in streamlit/streamlit#14922

Full Changelog: streamlit/streamlit@1.56.0...1.57.0

Commits

• 62ec5f3 Up version to 1.57.0
• 543575f feat(host-comm): add PRINT_APP host-to-guest postMessage type (#14922)
• fa67e32 [feature] Expose st.bottom container (#14726)
• e463b41 [feature] Add installed_skills (and agents) telemetry to page profile (#14916)
• 985fa7b Add app and theme templates to bundled skills (#14746)
• bea9013 [feature] Add secrets parameter to st.App (#14861)
• b13f0fa [skill] Set minimum height for embedded apps (#14498)
• 1f7abf9 [feature] Direct polars to arrow conversion bypassing pandas (#14885)
• dbacaad [fix] Add border radius to video and map elements (#14781)
• 5cb5545 Bump ruff from 0.15.10 to 0.15.11 (#14908)
• Additional commits viewable in compare view

Updates aws-cdk-lib from 2.248.0 to 2.252.0

Release notes

Sourced from aws-cdk-lib's releases.

v2.252.0

Features

• core: Validations class now supports addWarning, addError, and acknowledge (#37668) (5e8083c), closes aws/aws-cdk-rfcs#899
• core: add Box API for deferred values with accurate stack traces (#37604) (d592a96)

Bug Fixes

• aws-cdk-lib: cannot be used as a bundledDependency (#37726) (6ba0598), closes #37717
• s3: resolve S3 notification removal race condition (#37708) (dc5be98), closes #37667

---

Alpha modules (2.252.0-alpha.0)

v2.251.0

⚠ BREAKING CHANGES

• ** L1 resources are automatically generated from public CloudFormation Resource Schemas. They are built to closely reflect the real state of CloudFormation. Sometimes these updates can contain changes that are incompatible with previous types, but more accurately reflect reality. In this release we have changed:

aws-elasticloadbalancing: AWS::ElasticLoadBalancing::LoadBalancer: SourceSecurityGroup attribute removed. aws-elasticloadbalancing: AWS::ElasticLoadBalancing::LoadBalancer: PolicyItem type removed. aws-elasticloadbalancing: AWS::ElasticLoadBalancing::LoadBalancer: SourceSecurityGroup type removed.

Features

• update L1 CloudFormation resource definitions (#37684) (9e6c2ef)
• lambda: add ruby 4.0 runtime (#37650) (04d4337)
• update L1 CloudFormation resource definitions (#37644) (e64f943)
• core: Validations class is the new way to add validation plugins to CDK Apps (#37611) (95696b4), closes #37613
• core: graduate policyValidationBeta1 interfaces to policyValidation (#37613) (8c613cf)
• ecs: support for service connect access log configuration (#36067) (5ad1c06)
• route53: accelerated recovery for public hosted zone (#36358) (f1b7b03)
• synthetics: support canary group (#35689) (20ccd31), closes #34043

Bug Fixes

• core: Stage.policyValidationBeta1 is mutable (#37612) (3c1faf1)
• core: construct creation stack traces are implicit (#37643) (5635c20)
• core: synth output is not valid YAML when using policy validation (#37597) (927dd60), closes #25331
• core: token stack traces expensively clutter --debug mode (#37642) (498c546)
• core: tree metadata does not contain logical ID (#37630) (284ab23)
• ec2: fixing vpc endpoint for eu-isoe-west-1 region (#37596) (555c930), closes #31690
• events-targets: make LogGroupTargetInput extend RuleTargetInput for JSII compatibility (#37451) (46dbc7a), closes #36733
• lambda: add Token.isUnresolved checks to provisioned poller config validation (#37197) (667ed30)
• stepfunctions-tasks: warn when CallAwsServiceCrossRegion endpoint is resolved from state input (#37646) (9fdf590)

---

Alpha modules (2.251.0-alpha.0)

Features

... (truncated)

Changelog

Sourced from aws-cdk-lib's changelog.

Changelog

All notable changes to this project will be documented in this file. See standard-version for commit guidelines.

2.252.0-alpha.0 (2026-04-29)

2.251.0-alpha.0 (2026-04-24)

Features

• bedrock-agentcore-alpha: add L2 constructs for policy and policy engine (#37238) (1e89e7e)
• bedrock-agentcore-alpha: add observability configuration for Runtime (#36689) (34b43aa), closes #36596
• bedrock-agentcore-alpha: support No Authorization for AgentCore Gateway (#36610) (f20bd8e)
• dsql-alpha: initial L2 construct (#34599) (be1a458), closes #34593

2.250.0-alpha.0 (2026-04-14)

2.249.0-alpha.0 (2026-04-10)

2.248.0-alpha.0 (2026-04-02)

2.247.0-alpha.0 (2026-04-02)

Features

• mediapackagev2-alpha: new L2 construct (#37279) (7debfb9)

2.246.0-alpha.0 (2026-03-31)

2.245.0-alpha.0 (2026-03-27)

Features

• s3tables-alpha: add support for partition spec, sort order, and table properties (#36811) (2696cd1)
• s3tables-alpha: add metrics configuration support for TableBucket (#37275) (e8786f5)
• s3tables-alpha: implement ITaggableV2 on TableBucket and Table L2 constructs (#37277) (69c8944), closes #33054

2.244.0-alpha.0 (2026-03-19)

Bug Fixes

• kinesisanalytics-flink-alpha: mark deprecated flink runtimes as deprecated (#37155) (0a89447)

2.243.0-alpha.0 (2026-03-11)

2.242.0-alpha.0 (2026-03-10)

... (truncated)

Commits

• a58510c chore(release): 2.252.0 (#37727)
• 9e000ff chore: trigger build
• 323844a chore: update analytics metadata blueprints
• 9f70a52 chore(release): 2.252.0
• 6ba0598 fix(aws-cdk-lib): cannot be used as a bundledDependency (#37726)
• d592a96 feat(core): add Box API for deferred values with accurate stack traces (#37604)
• 0616322 refactor(lambda-nodejs): unify code paths between local & Docker bundling (#3...
• dc5be98 fix(s3): resolve S3 notification removal race condition (#37708)
• a78ddc5 chore(ci): fix pr-issue-check unable to comment on PRs from forks (#37703)
• 556f8d3 chore(core): migrate off of Beta1 properties internally (#37711)
• Additional commits viewable in compare view

Updates constructs to 10.6.0

Release notes

Sourced from constructs's releases.

v10.6.0

10.6.0 (2026-03-23)

Features

• add stackTraceOverride option to MetadataOptions (#2853) (f1fd286)

Commits

• f1fd286 feat: add stackTraceOverride option to MetadataOptions (#2853)
• 809d63a chore(deps): upgrade dev dependencies (#2852)
• c2298f1 chore(deps): upgrade dev dependencies (#2851)
• eb0d022 chore(deps): upgrade dev dependencies (#2850)
• 780040f chore(deps): upgrade dev dependencies (#2849)
• f0f37e5 fix: provide default implementation of with() on Node class (#2848)
• a00cc11 chore(deps): upgrade dev dependencies (#2846)
• 0f1005b feat(mixin): add IMixin interface and Construct.with() method (#2843)
• eb900d5 chore(deps): upgrade dev dependencies (#2845)
• 9c4d938 chore(deps): upgrade dev dependencies (#2844)
• Additional commits viewable in compare view

Updates pandas to 3.0.2

Release notes

Sourced from pandas's releases.

pandas 3.0.2

We are pleased to announce the release of pandas 3.0.2. This is a patch release in the 3.0.x series and includes some regression fixes and bug fixes. We recommend that all users of the 3.0.x series upgrade to this version.

See the full whatsnew for a list of all the changes.

Pandas 3.0 supports Python 3.11 and higher. The release can be installed from PyPI:

python -m pip install --upgrade pandas==3.0.*

Or from conda-forge

conda install -c conda-forge pandas=3.0

Please report any issues with the release on the pandas issue tracker.

Thanks to all the contributors who made this release possible.

Commits

• ab90747 RLS: 3.0.2 (#64934)
• 6f27013 Backport PR #64931 on branch 3.0.x (DOC/BLD: temporary disable upload of docs...
• 48ddc60 Backport PR #64664 on branch 3.0.x (BUG: DataFrame.sum() crashes on empty Dat...
• 8774488 [backport 3.0.x] PERF: fix slow python loop in validation for ArrowStringArra...
• 33af6cc Backport PR #64133 on branch 3.0.x (BUG: str.find returns byte offset instead...
• 4ef49d8 [backport 3.0.x] BUG: fix convert_dtypes dropping values from sliced mixed-dt...
• 0668f34 [backport 3.0.x] BUG: Fix HDFStore.put with StringDtype columns and compressi...
• 23f2f44 [backport 3.0.x] BUG: Suppress unnecessary RuntimeWarning in to_datetime with...
• 83ba804 Backport PR #64886: BUG: Compute Variance of Complex Numbers Correctly (#64892)
• bb5ca1a Backport PR #64386 on branch 3.0.x (BUG: fix sort_index AssertionError with R...
• Additional commits viewable in compare view

Updates pyarrow to 24.0.0

Release notes

Sourced from pyarrow's releases.

Apache Arrow 24.0.0

Release Notes URL: https://arrow.apache.org/release/24.0.0.html

Commits

• 31b4b6c MINOR: [Release] Update versions for 24.0.0
• 06dbc17 MINOR: [Release] Update .deb/.rpm changelogs for 24.0.0
• a021d80 MINOR: [Release] Update CHANGELOG.md for 24.0.0
• 2d6b12c GH-49716: [C++] FixedShapeTensorType::Deserialize should strictly validate se...
• a74cb6a GH-49697: [C++][CI] Check IPC file body bounds are in sync with decoder outco...
• 871a0c6 GH-49676: [Python][Packaging] Fix gRPC docker image layer being too big for h...
• f9203b3 GH-49586: [C++][CI] StructToStructSubset test failure with libc++ 22.1.1 (#49...
• fe298b4 GH-49628: [Python][Interchange protocol] Suppress warnings for pandas 4.0.0 a...
• 1f94910 GH-49252: [GLib] Deprecate Feather features (#49673)
• 5ba5c3c GH-49671: [CI][Docs] Don't run jobs for push by Dependabot (#49672)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: python. Please create it before Dependabot can add it to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.