Bump the python-packages group with 3 updates

[dependabot]

Bumps the python-packages group with 3 updates: pyarrow, httpcore and dunamai.

Updates pyarrow from 23.0.0 to 23.0.1

Release notes

Sourced from pyarrow's releases.

Apache Arrow 23.0.1

Release Notes URL: https://arrow.apache.org/release/23.0.1.html

Apache Arrow 23.0.1 RC0

Release Notes: Release Candidate: 23.0.1 RC0

Commits

• 82a374e MINOR: [Release] Update versions for 23.0.1
• c1ae37c MINOR: [Release] Update .deb/.rpm changelogs for 23.0.1
• 8f6e557 MINOR: [Release] Update CHANGELOG.md for 23.0.1
• 4e16a1a GH-49159: [C++][Gandiva] Detect overflow in repeat() (#49160)
• 985621d GH-48817 [R][C++] Bump C++20 in R build infrastructure (#48819)
• 1bea06a GH-49024: [CI] Update Debian version in .env (#49032)
• 147bcd6 GH-49156: [Python] Require GIL for string comparison (#49161)
• e4f922b GH-49138: [Packaging][Python] Remove nightly cython install from manylinux wh...
• f9376e4 GH-49003: [C++] Don't consider out_of_range an error in float parsing (#49095)
• ab2c0ad GH-49044: [CI][Python] Fix test_download_tzdata_on_windows by adding required...
• Additional commits viewable in compare view

Updates httpcore from 0.18.0 to 1.0.9

Release notes

Sourced from httpcore's releases.

Version 1.0.9 (April 24th, 2025)

• Resolve GHSA-vqfr-h8mv-ghfj with h11 dependency update. (#1008)

Version 1.0.8 (April 11th, 2025)

• Fix AttributeError when importing on Python 3.14. (#1005)

Version 1.0.7 (November 15th, 2024)

• Support proxy=… configuration on ConnectionPool(). (#974)

Version 1.0.6 (October 1st, 2024)

• Relax trio dependency pinning. (#956)
• Handle trio raising NotImplementedError on unsupported platforms. (#955)
• Handle mapping ssl.SSLError to httpcore.ConnectError. (#918)

Version 1.0.5

1.0.5 (March 27th, 2024)

• Handle EndOfStream for anyio backend. (encode/httpcore#899)
• Allow trio 0.25.* series in package dependancies. (encode/httpcore#903)

Version 1.0.4

1.0.4 (February 21st, 2024)

• Add target request extension. (#888)
• Fix support for connection Upgrade and CONNECT when some data in the stream has been read. (#882)

Version 1.0.3

1.0.3 (February 13th, 2024)

• Fix support for async cancellations. (#880)
• Fix trace extension when used with socks proxy. (#849)
• Fix SSL context for connections using the "wss" scheme (#869)

Version 1.0.2

1.0.2 (November 10th, 2023)

• Fix float("inf") timeouts in Event.wait function. (#846)

Version 1.0.1

1.0.1 (November 3rd, 2023)

• Fix pool timeout to account for the total time spent retrying. (#823)
• Raise a neater RuntimeError when the correct async deps are not installed. (#826)
• Add support for synchronous TLS-in-TLS streams. (#840)

Version 1.0.0

... (truncated)

Changelog

Sourced from httpcore's changelog.

Version 1.0.9 (April 24th, 2025)

• Resolve GHSA-vqfr-h8mv-ghfj with h11 dependency update. (#1008)

Version 1.0.8 (April 11th, 2025)

• Fix AttributeError when importing on Python 3.14. (#1005)

Version 1.0.7 (November 15th, 2024)

• Support proxy=… configuration on ConnectionPool(). (#974)

Version 1.0.6 (October 1st, 2024)

• Relax trio dependency pinning. (#956)
• Handle trio raising NotImplementedError on unsupported platforms. (#955)
• Handle mapping ssl.SSLError to httpcore.ConnectError. (#918)

1.0.5 (March 27th, 2024)

• Handle EndOfStream exception for anyio backend. (#899)
• Allow trio 0.25.* series in package dependancies. (#903)

1.0.4 (February 21st, 2024)

• Add target request extension. (#888)
• Fix support for connection Upgrade and CONNECT when some data in the stream has been read. (#882)

1.0.3 (February 13th, 2024)

• Fix support for async cancellations. (#880)
• Fix trace extension when used with socks proxy. (#849)
• Fix SSL context for connections using the "wss" scheme (#869)

1.0.2 (November 10th, 2023)

• Fix float("inf") timeouts in Event.wait function. (#846)

1.0.1 (November 3rd, 2023)

• Fix pool timeout to account for the total time spent retrying. (#823)
• Raise a neater RuntimeError when the correct async deps are not installed. (#826)
• Add support for synchronous TLS-in-TLS streams. (#840)

1.0.0 (October 6th, 2023)

From version 1.0 our async support is now optional, as the package has minimal dependencies by default.

For async support use either pip install 'httpcore[asyncio]' or pip install 'httpcore[trio]'.

... (truncated)

Commits

• 9820975 Version 1.0.9 (#1011)
• d1e17c5 Update h11 dependency, resolving security fix. (#1008)
• ae46dfb Version 1.0.8 (#1006)
• b2a796c Fix AttributeError when importing on Python 3.14 (#1005)
• 38f277c Revert "Use AnyIO fast_acquire (#953)" (#1002)
• 973cbdd Use AnyIO fast_acquire (#953)
• 8b8ab18 fix ci (#999)
• a173552 Version 1.0.7 (#977)
• 13e281d Add proxy configuration to ConnectionPool. (#974)
• 0bfcee4 default port for the socks5h scheme (#972)
• Additional commits viewable in compare view

Updates dunamai from 1.25.0 to 1.26.0

Release notes

Sourced from dunamai's releases.

v1.26.0 (2026-02-14)

• Added --highest-tag option to select the numerically highest version, even if it is not the chronologically latest tag.

Changelog

Sourced from dunamai's changelog.

v1.26.0 (2026-02-14)

• Added --highest-tag option to select the numerically highest version, even if it is not the chronologically latest tag.

Commits

• 70939d3 Release v1.26.0
• 71b11d7 Switch to tool.poetry.group.dev.dependencies
• 78b4283 Use 'git tag --no-sign' in tests
• a41b416 Add --highest-tag option
• See full diff in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

• 🔍 Trigger review

✨ Finishing touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch dependabot/pip/python-packages-697af09dd4

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}