deps(deps): bump the python-production group with 3 updates

[dependabot]

Updates the requirements on mutagen, numpy and redis to permit the latest version.
Updates mutagen to 1.48.0

Release notes

Sourced from mutagen's releases.

release-1.48.0

https://mutagen.readthedocs.io/en/latest/changelog.html#release-1-48-0

Changelog

Sourced from mutagen's changelog.

1.48.0 - 2026-06-22

• Drop Support for Python 3.7, 3.8 and 3.9 :pr:611 :pr:657 :pr:689
• ID3: Add salt attribute to APIC frames to allow multiple APIC frames with identical descriptions :pr:675
• ID3: Preserve order of APIC frames relative to each other when saving 🐛436 :pr:676
• ID3: Fix reading/writing v1.0 and v1.1 comment/track fields 🐛668 :pr:686
• ID3: Fix saving ID3v2 comment fields from COMM:desc:lang tags 🐛660 :pr:709
• ID3: Consider size of extended header when reading ID3 data 🐛630 :pr:631
• EasyID3: Fix handling of albumartistsort as TSO2 with TXXX:ALBUMARTISTSORT fallback for reading :pr:649
• MP3: do not fail on non-ASCII lame header version flags :pr:664
• OggOpus: Provide a bitrate property 🐛475 :pr:704
• MP4: Fall back to parsing length from mvhd if there is no trak info :pr:682
• MP4: Fix chapter timestamp parsing 🐛639 :pr:640
• OGG: Fix saving files with trailing null bytes 🐛591 :pr:674
• mid3v2: Fix --list-frames-v2.2 option 🐛669 :pr:683
• Set __cause__ on MutagenError to preserve exception chain 🐛703 :pr:710
• Explicitly define exports with __all__ in mutagen/__init__.py 🐛647 :pr:696
• docs: Fix code example for :class:flac.Picture :pr:673
• docs: Initial :doc:dev/index with implementation notes for ID3 :pr:633
• Switch from poetry to uv for development :pr:687
• Changed the default branch from master to main

.. _release-1.47.0:

1.47.0 - 2023-09-03

• ID3: Allow reading TYER tags in the form of "yyyy-mm-dd" :pr:597
• ID3: Handle negative extended header sizes :pr:607
• ID3: id3 frames fix bad cast due to str.isdigit :pr:616
• MP3: Auto-detect MP3 files without ID3 tags :pr:601
• WAVE: Extensible wave format support 🐛595 :pr:596
• WAVE, AIFF: Handle truncated IFF files 🐛496 :pr:517
• MP4: add a check for wrong offsets in mp4 files 🐛426 :pr:462
• FLAC: Fix cuesheet and seektable saving :pr:534
• TrueAudio: Read sample rate as unsigned and handle zero sample rate :pr:609
• docs: Fixed documentation for id3.ID3.save parameter v2_version
• docs: Make extlinks compatible with sphinx 6.0 :pr:590
• docs: Fixed various typos :pr:602
• Add some more type annotations :pr:622
• Various minor fixes for issues uncovered by oss-fuzz :pr:620 :pr:621 :pr:623

.. _release-1.46.0:

1.46.0 - 2022-10-09

... (truncated)

Commits

• 485f532 release
• 4d2a92f wavpack: use WavPackHeaderError in tests, avoid re-export import
• bdef87c mypy: enable no_implicit_reexport
• 2e6090b mypy: fix typing errors in the test suite
• 91d9f9e Updated NEWS
• 50576eb Merge pull request #649 from antlarr/fix-TSO2
• 5838d71 Added missing PR link to NEWS
• c4ec7c2 Update NEWS with changes pending for next release
• 94aeefe Fix MP4 Chapter timestamp parsing
• d36aaec MP4: Fall back to parsing length from mvhd if there is no trak info
• Additional commits viewable in compare view

Updates numpy to 2.5.0

Release notes

Sourced from numpy's releases.

v2.5.0 (June 21, 2026)

NumPy 2.5.0 Release Notes

Numpy 2.5.0 is a transitional release. It drops support for Python 3.11, marking the end of distutils, and expires a large number of deprecations made in the 2.0.x release. It also improves free threading and brings sorting into compliance with the array-api standard with the addition of descending sorts. There is also a fair amount of preparation for Python 3.15, which will be supported starting with the first rc.

This release supports Python versions 3.12-3.14.

Highlights

• Distutils has been removed,
• Many expired deprecations, see below,
• Many new deprecations, see below,
• Many static typing improvements.
• Improved support for free threading,
• Support for descending sorts,

See New Features below for other additions.

Deprecations

• numpy.char.chararray is deprecated. Use an ndarray with a string or bytes dtype instead.

  (gh-30605)

• numpy.take now correctly checks if the result can be cast to the provided out=out under the same-kind rule. A DeprecationWarning is given now when this check fails. Previously, take incorrectly checked if out could be cast to the result (the wrong direction). This deprecation also affects compress and possibly other functions. (Future versions of NumPy may tighten the casting check further.)

  (gh-30615)

• The numpy.char.[as]array functions are deprecated. Use an numpy.[as]array with a string or bytes dtype instead.

  (gh-30802)

• Setting the dtype attribute is deprecated because mutating an array is unsafe if an array is shared, especially by multiple threads. As an alternative, you can create a view with a new dtype via array.view(dtype=new_dtype).

  (gh-29244)

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

• Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits

• 6910b28 Merge pull request #31706 from charris/prepare-2.5.0-release
• e0acd2b REL: Prepare for the NumPy 2.5.0 release.
• 8d928b7 Merge pull request #31704 from charris/backport-31649
• c2055ba MAINT: update openblas to 0.3.33.112.0 (#31649)
• ce17c81 Merge pull request #31703 from charris/backport-31609
• 3de6203 BUG: fix StringDType distinct-allocator bugs and add tests (#31609)
• c723971 Merge pull request #31700 from charris/backport-31694
• 64513b2 MAINT: Bump pypa/cibuildwheel from 3.4.1 to 4.1.0
• 04707f0 Merge pull request #31698 from charris/try-fix-emscripten
• 5cf0686 MAINT: Try to fix emscripten wheel build.
• Additional commits viewable in compare view

Updates redis to 8.0.0

Release notes

Sourced from redis's releases.

8.0.0

Changes

🚀 Highlights

Async Cluster PubSub

This release introduces full asyncio Cluster PubSub support, bringing shard-channel capabilities (SSUBSCRIBE, SUNSUBSCRIBE, SPUBLISH) to the async RedisCluster client. The new ClusterPubSub class in redis.asyncio.cluster automatically routes shard-channel subscriptions to the correct cluster node based on key-slot hashing, manages per-node PubSub connections, and supports round-robin message retrieval across nodes. Users can create a cluster pubsub instance via RedisCluster.pubsub() and use ssubscribe(), sunsubscribe(), and get_sharded_message() just as they would with the sync cluster client.

Keyspace and subkey notifications

Redis Keyspace Notifications are now supported for standalone and cluster deployments in both sync and async modes. New classes — KeyspaceNotifications, ClusterKeyspaceNotifications, AsyncKeyspaceNotifications, and AsyncClusterKeyspaceNotifications — provide a high-level API for keyspace/keyevent subscriptions and subkey notification families: subkeyspace, subkeyevent, subkeyspaceitem, and subkeyspaceevent. Convenience methods like subscribe_keyspace(), subscribe_keyevent(), subscribe_subkeyspace(), subscribe_subkeyevent(), subscribe_subkeyspaceitem(), and subscribe_subkeyspaceevent() simplify common patterns, with channel classes for both key and subkey channels.

In cluster mode, subscriptions are managed across primary nodes because each node emits notifications only for keys it owns, with built-in topology-change handling. Sync run_in_thread() and async listen() workflows are supported.

Redis Array commands(https://redis.io/docs/latest/develop/data-types/arrays/)

redis-py now supports Redis Arrays, a preview Redis data type for sparse, index-addressable sequences of strings. New AR* command helpers cover indexed reads/writes, range scans, deletion, cursor-based insertion, ring-buffer writes, metadata, text search, and aggregation, including ARGET, ARSET, ARMGET, ARMSET, ARSCAN, ARGREP, ARRING, and AROP.

Type Hints Improvements (breaking changes)

The @overload pattern has been applied systematically across core commands (core.py), VectorSet commands, and module commands (Search, JSON, TimeSeries, Bloom filters) to provide distinct return types for sync and async clients. Previously, methods returned a combined ResponseT (i.e., Union[Awaitable[Any], Any]), which caused static analysis tools like mypy and Pyright to flag false positives. Now, sync clients see concrete return types (e.g., int, bool, list[str]) while async clients see Awaitable[...] wrappers. This is a breaking change for type-checking only—runtime behavior is unchanged, but code relying on the old union return types in type annotations may need updates. Two new protocol types, SyncClientProtocol and AsyncClientProtocol, are used in overload signatures to enable this distinction.

RESP3 by default with opt-in unified responses

redis-py 8.0.0 now uses RESP3 on the wire by default while preserving legacy RESP2-compatible Python response shapes for existing applications (#4052). Protocol-independent unified response shapes are available by setting legacy_responses=False, so affected commands return the same Python structure with RESP2 or RESP3.

Use protocol=2 to force RESP2 on the wire, protocol=3 to opt into native RESP3 response shapes, or legacy_responses=False to migrate to unified responses. See https://github.com/redis/redis-py/blob/HEAD/docs/unified_responses.rst and https://github.com/redis/redis-py/blob/HEAD/specs/unified_responses_migration_guide.md for the affected commands and migration details.

Connection and retry defaults

Default connection settings were updated: socket_timeout and socket_connect_timeout now default to 5 seconds, TCP keepalive is enabled by default, socket reads use a 32 KB buffer, connection pools default to max_connections=100, and retry defaults now use 10 attempts with exponential jitter backoff.

Note: socket_timeout can affect blocking commands such as BLPOP/BRPOP; if a command blocks longer than the client socket timeout, it may raise TimeoutError before the command timeout elapses (#2807).

🧪 Experimental Features

• Added support for new array commands (#4055)

🚀 New Features

• Support Cluster PubSub in asyncio (#3736)
• Add Redis Keyspace Notifications Support for Redis Cluster (#3962)
• Add random load balancing strategy which allows for use of the primary (#4027)
• Add FPHA (floating-point homogeneous array) arg support to JSON.SET (#4011)
• Added custom Claude command + XNACK command support (#4030)
• Adding Time Series Multiple Aggregators support (#4035)
• Adding support for new COUNT aggregator for some sorted set commands - ZINTER, ZINTERSTORE, ZUNION, ZUNIONSTORE (#4034)
• Adding support for new INCREX command (#4067 #4077)
• Add support for PubSub subscriptions with binary channel names and handlers (#4068)

... (truncated)

Commits

• 733f80e Updates in default connection and retry settings (#4082)
• a68a16c Updating Redis supported versions in README.md and lib version to 8.0.0
• 43a41d3 Updating INCREX command arg - SATURATE now controls overflow behaviour (#4077)
• 1496deb Preserve explicit None for client metadata config (#4081)
• 57dc08c Avoid zero-timeout async reads in hiredis connections readiness checks and re...
• cd54ddd fix(typing): correct type annotation for XReadResponse (#4046)
• ab2d41f Add support for PubSub subscriptions with binary channel names and handlers (...
• ef24dc9 Randomize cluster startup node order during topology refresh (#4060)
• b604015 Add CLAUDE.md and /sync-claude-md skill for managing (#4066)
• 2b8b4fc Fix flaky tests (#4071)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions