deps(deps): bump the python-production group with 2 updates

[dependabot]

Updates the requirements on mutagen and numpy to permit the latest version.
Updates mutagen to 1.48.0

Release notes

Sourced from mutagen's releases.

release-1.48.0

https://mutagen.readthedocs.io/en/latest/changelog.html#release-1-48-0

Changelog

Sourced from mutagen's changelog.

1.48.0 - 2026-06-22

• Drop Support for Python 3.7, 3.8 and 3.9 :pr:611 :pr:657 :pr:689
• ID3: Add salt attribute to APIC frames to allow multiple APIC frames with identical descriptions :pr:675
• ID3: Preserve order of APIC frames relative to each other when saving 🐛436 :pr:676
• ID3: Fix reading/writing v1.0 and v1.1 comment/track fields 🐛668 :pr:686
• ID3: Fix saving ID3v2 comment fields from COMM:desc:lang tags 🐛660 :pr:709
• ID3: Consider size of extended header when reading ID3 data 🐛630 :pr:631
• EasyID3: Fix handling of albumartistsort as TSO2 with TXXX:ALBUMARTISTSORT fallback for reading :pr:649
• MP3: do not fail on non-ASCII lame header version flags :pr:664
• OggOpus: Provide a bitrate property 🐛475 :pr:704
• MP4: Fall back to parsing length from mvhd if there is no trak info :pr:682
• MP4: Fix chapter timestamp parsing 🐛639 :pr:640
• OGG: Fix saving files with trailing null bytes 🐛591 :pr:674
• mid3v2: Fix --list-frames-v2.2 option 🐛669 :pr:683
• Set __cause__ on MutagenError to preserve exception chain 🐛703 :pr:710
• Explicitly define exports with __all__ in mutagen/__init__.py 🐛647 :pr:696
• docs: Fix code example for :class:flac.Picture :pr:673
• docs: Initial :doc:dev/index with implementation notes for ID3 :pr:633
• Switch from poetry to uv for development :pr:687
• Changed the default branch from master to main

.. _release-1.47.0:

1.47.0 - 2023-09-03

• ID3: Allow reading TYER tags in the form of "yyyy-mm-dd" :pr:597
• ID3: Handle negative extended header sizes :pr:607
• ID3: id3 frames fix bad cast due to str.isdigit :pr:616
• MP3: Auto-detect MP3 files without ID3 tags :pr:601
• WAVE: Extensible wave format support 🐛595 :pr:596
• WAVE, AIFF: Handle truncated IFF files 🐛496 :pr:517
• MP4: add a check for wrong offsets in mp4 files 🐛426 :pr:462
• FLAC: Fix cuesheet and seektable saving :pr:534
• TrueAudio: Read sample rate as unsigned and handle zero sample rate :pr:609
• docs: Fixed documentation for id3.ID3.save parameter v2_version
• docs: Make extlinks compatible with sphinx 6.0 :pr:590
• docs: Fixed various typos :pr:602
• Add some more type annotations :pr:622
• Various minor fixes for issues uncovered by oss-fuzz :pr:620 :pr:621 :pr:623

.. _release-1.46.0:

1.46.0 - 2022-10-09

... (truncated)

Commits

• 485f532 release
• 4d2a92f wavpack: use WavPackHeaderError in tests, avoid re-export import
• bdef87c mypy: enable no_implicit_reexport
• 2e6090b mypy: fix typing errors in the test suite
• 91d9f9e Updated NEWS
• 50576eb Merge pull request #649 from antlarr/fix-TSO2
• 5838d71 Added missing PR link to NEWS
• c4ec7c2 Update NEWS with changes pending for next release
• 94aeefe Fix MP4 Chapter timestamp parsing
• d36aaec MP4: Fall back to parsing length from mvhd if there is no trak info
• Additional commits viewable in compare view

Updates numpy to 2.5.0

Release notes

Sourced from numpy's releases.

v2.5.0 (June 21, 2026)

NumPy 2.5.0 Release Notes

Numpy 2.5.0 is a transitional release. It drops support for Python 3.11, marking the end of distutils, and expires a large number of deprecations made in the 2.0.x release. It also improves free threading and brings sorting into compliance with the array-api standard with the addition of descending sorts. There is also a fair amount of preparation for Python 3.15, which will be supported starting with the first rc.

This release supports Python versions 3.12-3.14.

Highlights

• Distutils has been removed,
• Many expired deprecations, see below,
• Many new deprecations, see below,
• Many static typing improvements.
• Improved support for free threading,
• Support for descending sorts,

See New Features below for other additions.

Deprecations

• numpy.char.chararray is deprecated. Use an ndarray with a string or bytes dtype instead.

  (gh-30605)

• numpy.take now correctly checks if the result can be cast to the provided out=out under the same-kind rule. A DeprecationWarning is given now when this check fails. Previously, take incorrectly checked if out could be cast to the result (the wrong direction). This deprecation also affects compress and possibly other functions. (Future versions of NumPy may tighten the casting check further.)

  (gh-30615)

• The numpy.char.[as]array functions are deprecated. Use an numpy.[as]array with a string or bytes dtype instead.

  (gh-30802)

• Setting the dtype attribute is deprecated because mutating an array is unsafe if an array is shared, especially by multiple threads. As an alternative, you can create a view with a new dtype via array.view(dtype=new_dtype).

  (gh-29244)

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.4.0 release on Linux, which will be the first feature release using the numpy/numpy-release <https://github.com/numpy/numpy-release>__ repository.

The commands can be copied into the command line, but be sure to replace 2.4.0 with the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

• Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, multiple config and CI files need to be edited in addition to changing the minimum version in pyproject.toml. Make these changes in an ordinary PR against main and backport if necessary. We currently release wheels for new Python versions after the first Python RC once manylinux and cibuildwheel support that new Python version.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.4.x branch.

Update 2.4.0 milestones

Look at the issues/prs with 2.4.0 milestones and either push them off to a later version, or maybe remove the milestone. You may need to add a milestone.

Check the numpy-release repo

... (truncated)

Commits

• 6910b28 Merge pull request #31706 from charris/prepare-2.5.0-release
• e0acd2b REL: Prepare for the NumPy 2.5.0 release.
• 8d928b7 Merge pull request #31704 from charris/backport-31649
• c2055ba MAINT: update openblas to 0.3.33.112.0 (#31649)
• ce17c81 Merge pull request #31703 from charris/backport-31609
• 3de6203 BUG: fix StringDType distinct-allocator bugs and add tests (#31609)
• c723971 Merge pull request #31700 from charris/backport-31694
• 64513b2 MAINT: Bump pypa/cibuildwheel from 3.4.1 to 4.1.0
• 04707f0 Merge pull request #31698 from charris/try-fix-emscripten
• 5cf0686 MAINT: Try to fix emscripten wheel build.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions