chore(deps)(deps): bump the python-dependencies group with 6 updates

[dependabot]

Bumps the python-dependencies group with 6 updates:

Package	From	To
narwhals	2.22.0	2.22.1
python-multipart	0.0.30	0.0.32
ipython	9.14.0	9.14.1
marimo	0.23.8	0.23.9
hypothesis	6.155.1	6.155.2
ty	0.0.42	0.0.46

Updates narwhals from 2.22.0 to 2.22.1

Release notes

Sourced from narwhals's releases.

Narwhals v2.22.1

Changes

🐞 Bug fixes

• fix: preserve fireducks functionality (#3672)
• fix(polars): Backport is_close for Decimal dtype and join(how={"semi", "anti"}) on null's (#3660)
• fix: Include test data in sdist (#3665)

📦 Build system

• fix: Include test data in sdist (#3665)

Thank you to all our contributors for making this release possible! @​FBruzzesi and @​MarcoGorelli

Commits

• 27bf8db release: Bump version to 2.22.1
• 125ed1e fix: inplace deprecation warning from pandas in drop (#3675)
• ebd57ae fix: preserve fireducks functionality (#3672)
• 8da0d89 fix(polars): Backport is_close for Decimal dtype and `join(how={"semi", "...
• 6db4d00 fix: Include test data in sdist (#3665)
• 1eb327f release: Bump version to 2.22.0 (#3663)
• See full diff in compare view

Updates python-multipart from 0.0.30 to 0.0.32

Release notes

Sourced from python-multipart's releases.

Version 0.0.32

What's Changed

• Replace per-byte partial-boundary scan with rfind lookbehind by @​Kludex in Kludex/python-multipart#300

Full Changelog: Kludex/python-multipart@0.0.31...0.0.32

Version 0.0.31

What's Changed

• Speed up multipart header parsing and callback dispatch by @​Kludex in Kludex/python-multipart#295
• Bound header field name size before validating by @​Kludex in Kludex/python-multipart#296
• Validate Content-Length is non-negative in parse_form by @​Kludex in Kludex/python-multipart#297

Full Changelog: Kludex/python-multipart@0.0.30...0.0.31

Changelog

Sourced from python-multipart's changelog.

0.0.32 (2026-06-04)

• Speed up partial-boundary scanning for CR/LF-dense part data #300.

0.0.31 (2026-06-04)

• Speed up multipart header parsing and callback dispatch #295.
• Bound header field name size before validating #296.
• Validate Content-Length is non-negative in parse_form #297.

Commits

• 238ead6 Version 0.0.32 (#302)
• 8672979 Replace per-byte partial-boundary scan with rfind lookbehind (#300)
• 8190779 Bump the python-packages group with 7 updates (#301)
• 0d3c086 Use uv package ecosystem for Dependabot (#299)
• 4cffc68 Version 0.0.31 (#298)
• c814948 Reject negative Content-Length in parse_form (#297)
• 6b837d4 Bound header field name size before validating (#296)
• e0c4f9d Bump the github-actions group with 3 updates (#294)
• b8a01bb Bump the python-packages group with 3 updates (#293)
• 6732164 Speed up multipart header parsing and callback dispatch (#295)
• See full diff in compare view

Updates ipython from 9.14.0 to 9.14.1

Commits

• 352c35b release 9.14.1
• df72b1f Add forward compatibility for pdb.Pdb's mode argument (#15235)
• a957d81 Handle pdb.Pdb mode argument and test signature compatibility
• 3e1c054 ci: add zizmor GitHub Actions security analysis and harden workflows (#15238)
• 0181ae3 ci: add zizmor GitHub Actions security analysis and harden workflows
• fb831cc back to dev
• See full diff in compare view

Updates marimo from 0.23.8 to 0.23.9

Release notes

Sourced from marimo's releases.

0.23.9

What's Changed

This release makes opening a notebook in a second tab non-destructive, mo.ui.table adds new args for hidden_columns/visible_columns (mutually exclusive), and tightens sharing and error-output behavior across the board.

⭐️ Highlights

Open the same notebook in a second tab

Opening a notebook in a second browser tab no longer forcibly disconnects the first. The new tab joins as a live, read-only viewer, and you can take over editing from either side with a single click — no destructive modal and no reload required (#9746).

Show and hide table columns

mo.ui.table now supports column visibility. Hide and show columns from the column header menu, Column Explorer with a click, find columns fast with smart prefix-based search, and control initial visibility from Python. A hidden-count and "Unhide all" link keep things discoverable (#9687, #9696).

Cells with no output now show in slides

Because slides allow code edits, a slide edited to no longer produce an output used to disappear from the deck entirely. Such cells now appear in the slides minimap and viewer so you can edit them back in (they're still skipped during a presentation). Minimap thumbnails are also larger and more readable (#9771).

✨ Enhancements

• Add MARIMO_RESTRICT_SHARING env var machine-wide (#9756)
• Non-destructive local takeover (read-only viewer + bidirectional takeover) (#9746)
• Add cells with no output to the minimap & viewer (#9771)
• Add GET /api/kernel/status endpoint (#9768)
• Enforce sharing config as server-side security (#9578)
• Add filter param for regex and callable filtering (#9667)
• Slides config panel open by default (#9737)
• Add pair with agent link (#9738)
• Add Opus 4.8 and script to append models to the top (#9723)
• Remove mapping for 'src' to 'auto-mix-prep' (#9725)
• Add workflow to automate running llm-sync-models script (#9724)
• Automation script to pull models.yml (#9635)
• Support Dremio ADBC data source browsing (#9694)
• Add auto_close_pairs setting (#9711)
• WASM compatibility rule checks (#9587)
• Fix dropped error hints and improve error output UI (#9673)
• Column Explorer visibility controls + smart-search (#9696)
• Sort toml entries when writing config (#9686)

... (truncated)

Commits

• c3c0ee3 release: 0.23.9 (#9790)
• fdd55c8 fix: escape user-controlled file_key in service worker injection (#9789)
• dc35cdf feat(sharing): add MARIMO_RESTRICT_SHARING env var machine-wide (#9756)
• 6dcaff7 feat: non-destructive local takeover (read-only viewer + bidirectional takeov...
• d0352e2 slides: add cells with no output to the minimap & viewer (#9771)
• d9ab41a fix completions in slides view (#9769)
• c0f07c0 fix: arg/kwarg collision for local numpy vars in caching (#9751)
• 8d6e540 feat(server): add GET /api/kernel/status endpoint (#9768)
• e55e7ba fix(runtime): don't shadow builtin print unless mo.Thread is used (#9765) (#9...
• 4d47f09 fix(lsp): suppress marimo hover tooltip for all LSP providers, not just pylsp...
• Additional commits viewable in compare view

Updates hypothesis from 6.155.1 to 6.155.2

Commits

• fcc26c4 Bump hypothesis version to 6.155.2 and update changelog
• 13cdd0b Merge pull request #4760 from Zac-HD/datetime-symbolic-4759
• e48846d format
• b4152ea rewrite comments and improve test
• 6b18db3 fixed flake
• eb7d53a Update pinned dependencies
• 1bbeb59 Fix update_pyodide_versions for relocated xbuildenv metadata
• 552a461 Make date/time drawing symbolic-execution friendly
• 2c6dfdb Merge pull request #4758 from bsluther/docs-fix-assume-condition
• 1416fe1 Fix assume condition in adapting-strategies.rst
• See full diff in compare view

Updates ty from 0.0.42 to 0.0.46

Release notes

Sourced from ty's releases.

0.0.46

Release Notes

Released on 2026-06-08.

Bug fixes

• Avoid crash when hovering over Callable (#25759)

Core type checking

• Support Callable() in match statement class patterns (#25541)
• Improve support for enum.property (#25681)

Contributors

• @​carljm
• @​charliermarsh
• @​thejchap

Install ty 0.0.46

Install prebuilt binaries via shell script

curl --proto '=https' --tlsv1.2 -LsSf https://releases.astral.sh/github/ty/releases/download/0.0.46/ty-installer.sh | sh

Install prebuilt binaries via powershell script

powershell -ExecutionPolicy Bypass -c "irm https://releases.astral.sh/github/ty/releases/download/0.0.46/ty-installer.ps1 | iex"

Download ty 0.0.46

File	Platform	Checksum
ty-aarch64-apple-darwin.tar.gz	Apple Silicon macOS	checksum
ty-x86_64-apple-darwin.tar.gz	Intel macOS	checksum
ty-aarch64-pc-windows-msvc.zip	ARM64 Windows	checksum
ty-i686-pc-windows-msvc.zip	x86 Windows	checksum
ty-x86_64-pc-windows-msvc.zip	x64 Windows	checksum
ty-aarch64-unknown-linux-gnu.tar.gz	ARM64 Linux	checksum
ty-i686-unknown-linux-gnu.tar.gz	x86 Linux	checksum
ty-powerpc64-unknown-linux-gnu.tar.gz	PPC64 Linux	checksum
ty-powerpc64le-unknown-linux-gnu.tar.gz	PPC64LE Linux	checksum
ty-riscv64gc-unknown-linux-gnu.tar.gz	RISCV Linux	checksum
ty-s390x-unknown-linux-gnu.tar.gz	S390x Linux	checksum
ty-x86_64-unknown-linux-gnu.tar.gz	x64 Linux	checksum

... (truncated)

Changelog

Sourced from ty's changelog.

0.0.46

Released on 2026-06-08.

Bug fixes

• Avoid crash when hovering over Callable (#25759)

Core type checking

• Support Callable() in match statement class patterns (#25541)
• Improve support for enum.property (#25681)

Contributors

• @​carljm
• @​charliermarsh
• @​thejchap

0.0.45

Released on 2026-06-08.

Bug fixes

• Avoid treating dynamic class attributes as instance attributes (#25678)
• Fix divergence in recursive inference due to ambiguous overload (#25548)
• Preserve literal promotion for mixed bounds (#25648)

Diagnostics

• Add missing-type-argument lint rule (#25617)

Core type checking

• Add support for narrowing on tuple match cases (#25493)
• Check implicit open TypedDict extra items (#25628)
• Create fresh copies of generic callable typevars (#24949)
• Preserve deprecation on replacement functions (#25688)
• Preserve intersection receivers during attribute lookup (#25626)
• Preserve transparent callable decorators (#25030)

Performance

• Avoid AST load for callable description names (#25728)
• Avoid caching absent class decorators and type parameters (#25689)
• Avoid caching atomic type specializations (#25663)
• Avoid caching constant constraint relations (#25656)
• Avoid caching missing implicit attributes (#25649)
• Avoid caching trivial class-header queries (#25692)

... (truncated)

Commits

• 2917c84 Bump version to 0.0.46 (#3700)
• 210302b Bump version to 0.0.45 (#3696)
• 5be8bff Use removeprefix for relative README image paths (#3685)
• cb8043c docs: add mypy/pyright rule mapping reference page (#3336)
• f5523e2 Bump version to 0.0.44 (#3667)
• 29ce314 Bump version to 0.0.43 (#3648)
• 794322d Update docker/build-push-action action to v7.2.0 (#3629)
• ce89685 Update prek dependencies (#3628)
• 792fb71 Update docker/login-action action to v4.2.0 (#3630)
• 5c37747 Update docker/metadata-action action to v6.1.0 (#3631)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[dependabot]

Labels

The following labels could not be found: dependencies, python. Please create them before Dependabot can add them to a pull request.

Please fix the above issues or remove invalid values from dependabot.yml.