deps(python): bump the python-minor group across 1 directory with 12 updates

[dependabot]

Bumps the python-minor group with 12 updates in the / directory:

Package	From	To
mcp	1.27.1	1.27.2
fastmcp	3.3.1	3.4.2
scikit-learn	1.8.0	1.9.0
anthropic	0.104.1	0.107.1
google-cloud-storage	3.10.1	3.11.0
pandas-stubs	3.0.0.260204	3.0.3.260530
ruff	0.15.14	0.15.16
plotly	6.7.0	6.8.0
bokeh	3.9.0	3.9.1
altair	6.1.0	6.2.1
plotnine	0.15.4	0.15.5
webdriver-manager	4.1.1	4.1.2

Updates mcp from 1.27.1 to 1.27.2

Release notes

Sourced from mcp's releases.

v1.27.2

What's Changed

• [v1.x] ci: deploy docs to py.sdk.modelcontextprotocol.io via Pages artifact by @​maxisbey in modelcontextprotocol/python-sdk#2635
• [v1.x] Add subject and claims to AccessToken by @​maxisbey in modelcontextprotocol/python-sdk#2690
• [v1.x] Bind transport sessions to the authenticated principal by @​maxisbey in modelcontextprotocol/python-sdk#2719
• [v1.x] Scope experimental tasks to the session that created them by @​maxisbey in modelcontextprotocol/python-sdk#2720

Full Changelog: modelcontextprotocol/python-sdk@v1.27.1...v1.27.2

Commits

• 6213787 [v1.x] Scope experimental tasks to the session that created them (#2720)
• ce267b6 [v1.x] Bind transport sessions to the authenticated principal (#2719)
• 1abcca2 [v1.x] Add subject and claims to AccessToken (#2690)
• 9773a3f [v1.x] ci: deploy docs to py.sdk.modelcontextprotocol.io via Pages artifact (...
• See full diff in compare view

Updates fastmcp from 3.3.1 to 3.4.2

Release notes

Sourced from fastmcp's releases.

v3.4.2: Heads Up

FastMCP 3.4.2 restores JWT compatibility for providers that include private, non-critical JWS header parameters. Tokens from providers like Clerk can carry header metadata such as cat without being rejected before signature and claim validation, while unsupported critical headers are still rejected.

What's Changed

Fixes 🐞

• Allow private JWT headers by @​jlowin in PrefectHQ/fastmcp#4290

Docs 📚

• Docs: add v3.4.1 changelog entries by @​jlowin in PrefectHQ/fastmcp#4289

Full Changelog: PrefectHQ/fastmcp@v3.4.1...v3.4.2

v3.4.1: Floor It

FastMCP 3.4.1 floors Starlette at >=1.0.1 so installs can no longer resolve to a version affected by CVE-2026-48710 — previously the dependency was only constrained transitively through mcp, which allowed vulnerable versions. It also makes OAuthProxy log refresh-token cache misses instead of failing silently.

What's Changed

Enhancements ✨

• Log refresh-token misses in OAuthProxy instead of failing silently by @​jlowin in PrefectHQ/fastmcp#4276

Security 🔒

• Add explicit starlette>=1.0.1 floor (CVE-2026-48710) by @​jlowin in PrefectHQ/fastmcp#4286

Docs 📚

• Document --notes-start-tag in release instructions by @​jlowin in PrefectHQ/fastmcp#4275

Full Changelog: PrefectHQ/fastmcp@v3.4.0...v3.4.1

v3.4.0: Remote Control

FastMCP 3.4 is about reaching servers that live somewhere else. The headline is fastmcp-remote, a standalone bridge that connects stdio-only MCP hosts to servers hosted over HTTP. Around it, this release hardens the proxy layer those remote connections depend on — making bridges fail loudly instead of silently, and keeping authenticated sessions alive across the long idle periods that remote clients are prone to.

fastmcp-remote

Some MCP hosts still insist on launching a local stdio command, even when the server you want is already running over HTTP. FastMCP could already proxy a remote URL through fastmcp run, but that pulls in the full server-runner surface. fastmcp-remote is the small, single-purpose version: one URL in, one local stdio proxy out.

{
  "mcpServers": {
    "linear": {
      "command": "uvx",
      "args": ["fastmcp-remote", "https://mcp.linear.app/mcp"]
    }
  }
}

OAuth is enabled automatically for HTTPS servers, with support for explicit bearer tokens and custom headers when you need them. The implementation stays on FastMCP primitives — Client, OAuth, create_proxy, and stdio — and credits the original npm mcp-remote project for the command shape.

... (truncated)

Commits

• 3b8538e Allow private JWT headers (#4290)
• 0445c31 chore: Update SDK documentation (#4223)
• 9261793 Docs: add v3.4.1 changelog entries (#4289)
• e1b52d0 Add explicit starlette>=1.0.1 floor (CVE-2026-48710) (#4286)
• e58f386 Log refresh-token misses in OAuthProxy instead of failing silently (#4276)
• 3f09c68 Document --notes-start-tag requirement in release instructions (#4275)
• e124bde Fix MDX syntax error in changelog (#4270)
• dae11bb Backfill changelog and updates through v3.4.0 (#4269)
• 0f4f78c Fix resource templates with query params on proxied servers (#4251)
• 1a06130 Fix GitHub MCP resource integration test (#4253)
• Additional commits viewable in compare view

Updates scikit-learn from 1.8.0 to 1.9.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.9.0

We're happy to announce the 1.9.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_9_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.9.html

This release adds narwhals as a new dependency that will help to improve dataframe interoperability across the project.

This version supports Python versions 3.11 to 3.14.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Commits

• 77def0e trigger wheel builder [cd build]
• ee7c0b0 generate changelog
• 3d7fb04 bump version
• 8954e7b DOC Release highlights for 1.9 (#34147)
• 73a3eab Fix: Array-API - avoid failing for numpy fit + predict with sparse or array-l...
• 8839aae DOC Thread-safety requirement for open_listener message consumer callback (#3...
• 4d2476a DOC Refactor array API docs page (#34054)
• f9f812f 🔒 🤖 CI Update lock files for scipy-dev CI build(s) 🔒 🤖 ...
• d779dc3 🔒 🤖 CI Update lock files for free-threaded CI build(s) 🔒 :rob...
• 6a03cf0 🔒 🤖 CI Update lock files for array-api CI build(s) 🔒 🤖 ...
• Additional commits viewable in compare view

Updates anthropic from 0.104.1 to 0.107.1

Release notes

Sourced from anthropic's releases.

v0.107.1

0.107.1 (2026-06-07)

Full Changelog: v0.107.0...v0.107.1

Bug Fixes

• foundry: send x-api-key header for API-key auth (#62) (1338141), closes #1661

v0.107.0

0.107.0 (2026-06-06)

Full Changelog: v0.106.0...v0.107.0

Features

• api: small updates to Managed Agents types (72923f9)

v0.106.0

0.106.0 (2026-06-05)

Full Changelog: v0.105.2...v0.106.0

Features

• api: mark Claude Opus 4.1 as deprecated (85068cc)

Bug Fixes

• client: make Foundry client copy() and with_options() work (94146ac)
• transform schema: preserve $defs when schema root is a $ref (#1642) (fc58e06)

Chores

• internal: fix artifact url (a6ed0c4)
• internal: fix branch names (3b03370)
• internal: update private repo name (7dbcb05)

Documentation

• point security reports to Anthropic's HackerOne program (#10) (80f2c97)

v0.105.2

0.105.2 (2026-05-29)

Full Changelog: v0.105.1...v0.105.2

... (truncated)

Changelog

Sourced from anthropic's changelog.

0.107.1 (2026-06-07)

Full Changelog: v0.107.0...v0.107.1

Bug Fixes

• foundry: send x-api-key header for API-key auth (#62) (1338141), closes #1661

0.107.0 (2026-06-06)

Full Changelog: v0.106.0...v0.107.0

Features

• api: small updates to Managed Agents types (72923f9)

0.106.0 (2026-06-05)

Full Changelog: v0.105.2...v0.106.0

Features

• api: mark Claude Opus 4.1 as deprecated (85068cc)

Bug Fixes

• client: make Foundry client copy() and with_options() work (94146ac)
• transform schema: preserve $defs when schema root is a $ref (#1642) (fc58e06)

Chores

• internal: fix artifact url (a6ed0c4)
• internal: fix branch names (3b03370)
• internal: update private repo name (7dbcb05)

Documentation

• point security reports to Anthropic's HackerOne program (#10) (80f2c97)

0.105.2 (2026-05-29)

Full Changelog: v0.105.1...v0.105.2

0.105.1 (2026-05-29)

Full Changelog: v0.105.0...v0.105.1

... (truncated)

Commits

• 260e687 release: 0.107.1
• 49c5395 fix(foundry): send x-api-key header for API-key auth (#62)
• 4ceca72 release: 0.107.0
• 3a6f9d9 feat(api): small updates to Managed Agents types
• 6a70c9f release: 0.106.0
• 8fa41c8 codegen metadata
• 1f55325 Don't leak ANTHROPIC_API_KEY to the Foundry endpoint (#18)
• a94498c fix(client): make Foundry client copy() and with_options() work
• 907d849 chore(internal): fix artifact url
• 9676a5d docs: point security reports to Anthropic's HackerOne program (#10)
• Additional commits viewable in compare view

Updates google-cloud-storage from 3.10.1 to 3.11.0

Release notes

Sourced from google-cloud-storage's releases.

google-cloud-storage: v3.11.0

v3.11.0 (2026-06-02)

Features

• Added a new field ComposeObjectRequest.delete_source_objects field (PiperOrigin-RevId: 863087065) (1230e174)

• add object contexts in Python GCS SDK (#17039) (15ec8bd7)

• Add delete_source_objects optional parameter to compose API (#17163) (16ab4c26)

• add fixed-key metadata support in AAOW (#16817) (28487f5c)

• Add support for blob object in AAOW (#16577) (32718318)

• implement AsyncMultiRangeDownloader with multiplexed bidi-gRPC stream support (#16528) (493df65b)

• populate the persisted_data_checksums field with object checksums on write object / query write status responses (PiperOrigin-RevId: 895357062) (56ccbd86)

• Enhance Otel Span Attributes with BucketId and Location details for every Bucket/Blob operation (a0da993d)

• drop Python 3.7-3.9 support and regenerate (#17178) (c804a935)

Bug Fixes

• updates typing for python 3.8 (87b7ba97)

• propagate quota_project_id and api_endpoint in AsyncGrpcClient (#16731) (b8b457aa)

Performance Improvements

• add multiplexing performance tests for AsyncMultiRangeDownloader (#16501) (20969910)

• implement fast-path for queue delivery in _StreamMultiplexer (#16718) (7073be16)

• use google_crc32c.value for checksums (#16719) (c6461a42)

• use google_crc32c.value() for simpler crc32c calculation (#16761) (c9846c92)

Documentation

• Updated documentation for BidiReadObject, ReadObjectRequest, and ObjectContexts (PiperOrigin-RevId: 863087065) (1230e174)

• improve wording around object_checksums in bidi write object requests (PiperOrigin-RevId: 895357062) (56ccbd86)

Changelog

Sourced from google-cloud-storage's changelog.

3.11.0 (2026-03-05)

Features

• Added a field for enabling image and table annotation for layout parser processor (6120fb0db084f5e8d1502fb1bb37594ac9976f6e)

3.10.0 (2026-02-12)

Documentation

• Updated comments for various fields and messages (5371e8e931dfba1d504ac2ffbd48a7f4abdcc158)

Features

• The method ReviewDocument in .google.cloud.documentai.v1beta3.DocumentProcessorService is deprecated (5371e8e931dfba1d504ac2ffbd48a7f4abdcc158)
• A new field enable_table_split is added to message .google.cloud.documentai.v1beta3.OcrConfig.LayoutParsingParams (5371e8e931dfba1d504ac2ffbd48a7f4abdcc158)
• Added new messages Documents and RawDocuments for inline document input (5371e8e931dfba1d504ac2ffbd48a7f4abdcc158)
• The field skip_human_review in messages .google.cloud.documentai.v1beta3.ProcessRequest and .google.cloud.documentai.v1beta3.BatchProcessRequest is deprecated (5371e8e931dfba1d504ac2ffbd48a7f4abdcc158)
• A new field document_prompt is added to message .google.cloud.documentai.v1beta3.DocumentSchema (5371e8e931dfba1d504ac2ffbd48a7f4abdcc158)
• A new field revisions is added to message .google.cloud.documentai.v1beta3.Evaluation (5371e8e931dfba1d504ac2ffbd48a7f4abdcc158)
• A new field document_type is added to message .google.cloud.documentai.v1beta3.ImportDocumentsRequest (5371e8e931dfba1d504ac2ffbd48a7f4abdcc158)

Bug Fixes

• Removed the SpannerIndexingConfig message and the spanner_indexing_config field from .google.cloud.documentai.v1beta3.Dataset BREAKING CHANGE: The SpannerIndexingConfig message and the spanner_indexing_config field within the Dataset message have been removed. Client code referencing these will need to stop referencing these in case of an error (5371e8e931dfba1d504ac2ffbd48a7f4abdcc158)

3.9.0 (2026-01-29)

Documentation

• Fixed language issues in multiple message field descriptions (38754bbd8765298482b679b027e9bc0ac5a66bb3)
• Regenerated REST and RPC Document AI documentation to include missing changes from September 2024 to November 2025 (38754bbd8765298482b679b027e9bc0ac5a66bb3)

3.8.0 (2026-01-08)

Features

• auto-enable mTLS when supported certificates are detected (c353aa5bcc937ef9399c8efc90492dadbcf01aa2)
• check Python and dependency versions in generated GAPICs (c353aa5bcc937ef9399c8efc90492dadbcf01aa2)

3.7.0 (2025-10-16)

Documentation

... (truncated)

Commits

• 5accbb4 chore: librarian release pull request: 20260602T021047Z (#17336)
• 86e57cb fix(spanner_dbapi): replace insecure pickle with json for partition deseriali...
• 6b62cb6 feat(bigframes): Add ai_generate functions to the dataframe bq accessor (#17302)
• 54fd04b chore: librarian release pull request: 20260529T145921Z (#17312)
• c04f892 chore: update googleapis and regenerate (#17313)
• 1c2e24f chore: generate google-cloud-monitoring-dashboards (#17309)
• 06965d8 chore: generate google-cloud-containeranalysis (#17308)
• 2024224 chore: generate grafeas (#17307)
• 9f2ed92 chore(spanner): deprecate experimental host option/parameter to replace with ...
• 7813ca4 chore: add missing nox sessions and polish dependencies in sqlalchemy-spanner...
• Additional commits viewable in compare view

Updates pandas-stubs from 3.0.0.260204 to 3.0.3.260530

Commits

• 1a40eec Version 3.0.3.260530
• 0f063ec Make mypy reject float(Series) calls (#1753)
• a073669 GH1415 Enhance typing of Series[Categorical] (#1748)
• 9df3c52 TYP: GH1727 Narrow Series.to_numpy return types based on the dtype argument (...
• 2da5f78 GH1742 fix nightly CI (#1747)
• 84e7d1a BUG: allow kwargs in Styler apply_index and map_index (#1725)
• 82c9851 GH1654 Pandas 3.0 support (#1741)
• 4f6f533 MNT: Fix missing check/assert_type harness where missing (#1749)
• 3bbd508 chore(ci): declare contents: read on test (#1751)
• ee82af5 Modernize project settings in pyproject.toml (#1746)
• Additional commits viewable in compare view

Updates ruff from 0.15.14 to 0.15.16

Release notes

Sourced from ruff's releases.

0.15.16

Release Notes

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

... (truncated)

Changelog

Sourced from ruff's changelog.

0.15.16

Released on 2026-06-04.

Preview features

• [flake8-async] Implement yield-in-context-manager-in-async-generator (ASYNC119) (#24644)
• [pylint] Narrow diagnostic range and exclude cases without exception handlers (PLW0717) (#25440)
• [ruff] Treat yield before break from a terminal loop as terminal (RUF075) (#25447)

Bug fixes

• [eradicate] Avoid flagging ruff:ignore comments as code (ERA001) (#25537)
• [eradicate] Fix ERA001/RUF100 conflict when noqa is on commented-out code (#25414)
• [pyflakes] Avoid removing the format call when it would change behavior (F523) (#25320)
• [pylint] Avoid syntax errors in invalid character replacements in f-strings before Python 3.12 (PLE2510, PLE2512, PLE2513, PLE2514, PLE2515) (#25544)
• [pyupgrade] Avoid converting format calls with more kinds of side effects (UP032) (#25484)

Rule changes

• [flake8-pytest-style] Avoid fixes for ambiguous argnames and argvalues combinations (PT006) (#24776)

Performance

• Drop excess capacity from statement suites during parsing (#25368)

Documentation

• [pydocstyle] Improve discoverability of rules enabled for each convention (#24973)
• [ruff] Restore example code for Python versions before 3.15 (RUF017) (#25439)
• Fix typo bin/active → bin/activate in tutorial (#25473)

Other changes

• Shrink additional parser AST collections (#25465)

Contributors

• @​Redslayer112
• @​koriyoshi2041
• @​George-Ogden
• @​TejasAmle
• @​anishgirianish
• @​ntBre
• @​MichaReiser
• @​loganrosen
• @​RafaelJohn9
• @​adityasingh2400

0.15.15

... (truncated)

Commits

• 6c498ab Bump 0.15.16 (#25635)
• e51e132 [flake8-async] Implement yield-in-context-manager-in-async-generator (`AS...
• 7c6dcd9 [ty] Add caching for pattern match narrowing (#25613)
• 27058fc [ty] Compact retained definition and expression identities (#25606)
• bf80d05 Fix CODEOWNERS syntax (#25622)
• 10ccd51 Shrink additional parser AST collections (#25465)
• 0d7135f [ty] Upgrade Salsa (#25545)
• 49493a3 [ty] Show type alias value on hover (#25381)
• 85207d3 [ty] sys.implementation.version is not sys.version_info (#25608)
• a8a0614 [ty] Avoid retaining duplicate function signatures (#25609)
• Additional commits viewable in compare view

Updates plotly from 6.7.0 to 6.8.0

Release notes

Sourced from plotly's releases.

v6.8.0

Added

• Add optional font parameter for make_subplots [#5393], with thanks to @​Zomtir for the contribution!

Fixed

• Fix issue where user-specified color_continuous_scale was ignored when template had autocolorscale=True [#5439], with thanks to @​antonymilne for the contribution!
• Use presence of COLAB_NOTEBOOK_ID env var to enable Colab renderer instead of testing import of google.colab [#5473], with thanks to @​kevineger for the contribution!
• Fix incorrect annotation placement for add_vline, add_hline, add_vrect, and add_hrect on datetime axes [#5508], with thanks to @​mosh3eb for the contribution!
• Update tests to be compatible with numpy 2.4 [#5522], with thanks to @​thunze for the contribution!
• Fix issue where js/ directory was unintentionally installed as a top-level Python package when installing plotly [#5587]
• Add default headers to be passed in to Kaleido v1.3.0 to avoid blocked Open Street Map tiles [#5588]
• Propagate the requested default_height/default_width to the outer wrapper div produced by to_html so that responsive (percentage) dimensions inherit from a sized parent container instead of collapsing to the plotly.js 450px fallback [#5591], with thanks to @​SharadhNaidu for the contribution!

Updated

• The __eq__ method for graph_objects classes now returns NotImplemented to give the other operand an opportunity to handle the comparison [#5547], with thanks to @​RazerM for the contribution!
• Update plotly.js from version 3.5.0 to version 3.6.0. See the plotly.js release notes for more information [#5608]. Notable changes include:
  • Add support for arrays for the pie property legendrank, so that it can be configured per slice [#7723]
  • Add hoversort layout attribute to sort unified hover label items by value [#7734]

Changelog

Sourced from plotly's changelog.

[6.8.0] - 2026-06-03

Added

• Add optional font parameter for make_subplots [#5393], with thanks to @​Zomtir for the contribution!

Fixed

• Fix issue where user-specified color_continuous_scale was ignored when template had autocolorscale=True [#5439], with thanks to @​antonymilne for the contribution!
• Use presence of COLAB_NOTEBOOK_ID env var to enable Colab renderer instead of testing import of google.colab [#5473], with thanks to @​kevineger for the contribution!
• Fix incorrect annotation placement for add_vline, add_hline, add_vrect, and add_hrect on datetime axes [#5508], with thanks to @​mosh3eb for the contribution!
• Update tests to be compatible with numpy 2.4 [#5522], with thanks to @​thunze for the contribution!
• Fix issue where js/ directory was unintentionally installed as a top-level Python package when installing plotly [#5587]
• Add default headers to be passed in to Kaleido v1.3.0 to avoid blocked Open Street Map tiles [#5588]
• Propagate the requested default_height/default_width to the outer wrapper div produced by to_html so that responsive (percentage) dimensions inherit from a sized parent container instead of collapsing to the plotly.js 450px fallback [#5591], with thanks to @​SharadhNaidu for the contribution!

Updated

• The __eq__ method for graph_objects classes now returns NotImplemented to give the other operand an opportunity to handle the comparison [#5547], with thanks to @​RazerM for the contribution!
• Update plotly.js from version 3.5.0 to version 3.6.0. See the plotly.js release notes for more information [#5608]. Notable changes include:
  • Add support for arrays for the pie property legendrank, so that it can be configured per slice [#7723]
  • Add hoversort layout attribute to sort unified hover label items by value [#7734]

Commits

• ea4eca8 Address PR feedback
• e57adbd Fix broken example
• b8c2bf4 Update Jupyter Lab extension files
• 2de1059 Update docs for release
• f94e304 Version changes for v6.8.0
• 7f2eb35 Merge pull request #5608 from plotly/cam/update-plotly.js-3.6.0
• f57cf96 Update command to run npm install for updateplotlyjs
• 1f26820 Update lock file
• 8f699a3 chore: Update plotly.js to v3.6.0
• f0755e5 Merge pull request #5605 from plotly/cam/pin-python-frontmatter
• Additional commits viewable in compare view

Updates bokeh from 3.9.0 to 3.9.1

Changelog

Sourced from bokeh's changelog.

2026-06-04 3.9.1:

• bugfixes:

  • #14944 Document().to_json() is not JSON serializable
  • #13477 [component: docs] Dev docs no longer report precise version information
  • #15041 range_padding of y_range is not updated when changed via CustomJS
  • #7297 [component: bokehjs] Invert Colorbar Axis
  • #15004 [component: bokehjs] Cannot update min_border of figure with CustomJS callback
  • #14869 [component: bokehjs] BoxAnnotation shows resize cursor by default
  • #8787 [component: bokehjs] vline hover misses some multi-lines
  • #13838 [BUG] Using array/list in line_dash for hspan doesn't work
  • #13509 [component: bokehjs] [BUG] Incorrectly formatted ticks with %N format when time is older than the Epoch
  • #14665 [component: bokehjs] [bokeh-3.8.0.min.js:405] Uncaught (in promise) RangeError: Maximum call stack size exceeded
  • #14491 [component: bokehjs] Legends are not synced with glyph visibility state
  • #14741 [component: bokehjs] Possible regression in muting of legend entries since v3.7.0
  • #14856 [component: bokehjs] Patches hover tooltip triggers inside holes (hit-testing doesn't account for NaN-separated holes)
  • #14855 [component: bokehjs] Canvas Patch fill doesn't respect holes (nonzero fill rule instead of evenodd)
  • #15080 [component: bokehjs] Bokeh plot frame height does not update when changed via slider
  • #15015 [component: bokehjs] Update of num_minor_ticks does not trigger a visual update of the plot
  • #14907 NaT is encoded as float(nan) by the serializer
  • #15116 [component: docs] Documentation of enums is broken in 3.10 branch
  • #15131 [component: build] Release build failed for non pre-release version

• features:

  • #14411 Adding a performance mode

• tasks:

  • #14922 [component: docs] Update dev section of switcher.json after 3.9 release
  • #15054 [component: docs] Building documentation with BOKEH_DOCS_CDN=local raises SphinxError
  • #15022 [component: docs] Fix wrong formatted code block directives
  • #14878 [component: docs] Toopltips are broken if special characters are in the source.data keys
  • #14962 [component: docs] Document().models.freeze() not documented
  • #15098 [component: docs] Add missing link and fix example for tex() in figure class
  • #14961 [component: tests] Make it possible to run the Python unit test run in parallel
  • #15089 Backports for 3.9.1

2026-03-11 3.9:

• bugfixes:
  • #14584 Div from bokeh.models.dom raisese ValueError in show call
  • #14724 Bokeh protocol doesn't use binary encoding in pull-doc-reply message
  • #14569 [component: bokehjs] Adjust overlay in case of 1D box zoom
  • #14799 [component: build] Compilation failing with whitespace in path
  • #13578 [component: tests] Unit tests are failing due to changes in pytest-asyncio
  • #14568 [component: bokehjs] [BUG] Wheel Zoom Tool and Categorical Axis Range
  • #14817 MyPy can crash on Bokeh 3.9.0.dev9 code
  • #14776 [component: bokehjs] Don't add BBox if an axis has fixed position
  Description has been truncated