Bump distributed from 2024.12.1 to 2026.1.1 in /dockerfiles/jupyter

[dependabot]

User description

Bumps distributed from 2024.12.1 to 2026.1.1.

Release notes

Sourced from distributed's releases.

2026.1.1

Changes

• No changes

See the Changelog for more information.

2026.1.0

Changes

• Bump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 @dependabot[bot] (#9177)
• Clean up obsolete pins in CI @​crusaderky (#9172)
• Fix incompatibility of pyparsing vs. packaging in mindeps CI @​crusaderky (#9170)
• Bump mypy; fix mypy failure @​crusaderky (#9171)
• Bump actions/upload-artifact from 5 to 6 @dependabot[bot] (#9166)
• Bump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 @dependabot[bot] (#9167)
• Bump actions/cache from 4 to 5 @dependabot[bot] (#9168)

See the Changelog for more information.

2025.12.0

Changes

• Typing fixes @​jacobtomlinson (#9159)
• Explicit setuptools-scm minimum version @​jacobtomlinson (#9160)
• Enforce ruff rules (RUF) @​DimitriPapadopoulos (#9153)
• Clean up MANIFEST.in @​DimitriPapadopoulos (#9149)
• isort → ruff @​DimitriPapadopoulos (#9152)
• Ruff supersedes absolufy-imports @​DimitriPapadopoulos (#9154)
• Bump minimum supported toolz to 0.12.0 @​jrbourbeau (#9151)
• flake8, bugbear, pyupgrade → ruff @​DimitriPapadopoulos (#9147)
• Fix typos found by codespell @​DimitriPapadopoulos (#9145)
• Clean up setuptools-specific configuration @​DimitriPapadopoulos (#9150)
• PEP 639 compliance @​DimitriPapadopoulos (#9146)
• Update black @​DimitriPapadopoulos (#9148)
• Fix empty progress bar @​jacobtomlinson (#9144)
• Bump JamesIves/github-pages-deploy-action from 4.7.3 to 4.7.4 @dependabot[bot] (#9139)
• Exclude broken tblib versions in CI @​jacobtomlinson (#9141)

See the Changelog for more information.

2025.11.0

Changes

• Replace versioneer with setuptools-scm @​jacobtomlinson (#9137)
• Adapt worker and nanny to ipv6 @​csfldf (#9133)
• Fix CI Multiple aliased keys in file /Users/runner/.condarc @​jacobtomlinson (#9136)
• Remove pip pin for docs @​jrbourbeau (#9132)
• Bump actions/upload-artifact from 4 to 5 @dependabot[bot] (#9130)
• Remove UCX configuration schema @​pentschev (#9127)

... (truncated)

Commits

• 1b69958 Version 2026.1.1
• ab72092 Merge commit from fork
• f4cfecc Bump JamesIves/github-pages-deploy-action from 4.7.6 to 4.8.0 (#9177)
• 9e135d2 Clean up obsolete pins in CI (#9172)
• 5da04d0 Fix incompatibility of pyparsing vs. packaging in mindeps CI (#9170)
• 7fc0080 Bump mypy; fix mypy failure (#9171)
• 06f59c2 Bump actions/upload-artifact from 5 to 6 (#9166)
• 41bcd61 Bump JamesIves/github-pages-deploy-action from 4.7.4 to 4.7.6 (#9167)
• 1426137 Bump actions/cache from 4 to 5 (#9168)
• f67b890 Version 2025.12.0
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.

---

PR Type

Dependencies

---

Description

• Bump distributed to 2026.1.1

• Update pinned hashes accordingly

---

Diagram Walkthrough

flowchart LR
  lockfile["locked-requirements.txt"]
  dist_old["distributed 2024.12.1"]
  dist_new["distributed 2026.1.1"]
  hashes["Update SHA256 hashes"]

  lockfile -- replace --> dist_new
  dist_old -- removed --> lockfile
  dist_new -- requires --> hashes

Loading

File Walkthrough

	Relevant files
Dependencies	locked-requirements.txt Update distributed pin and hashes                                                dockerfiles/jupyter/locked-requirements.txt Upgrade distributed 2024.12.1 -> 2026.1.1 Replace two SHA256 hashes for new version Keep comment linking to extras-requirements.txt +3/-3

---

[pull-request-agent]

PR Reviewer Guide 🔍

Here are some key observations to aid the review process:

⏱️ Estimated effort to review: 1 🔵⚪⚪⚪⚪

🧪 No relevant tests

🔒 Security concerns Supply chain integrity: Ensure the new pinned version and its hashes are validated and that dependency resolution does not pull in vulnerable transitive packages.

⚡ Recommended focus areas for review Integrity Hashes Verify the provided sha256 hashes correspond exactly to the distributed==2026.1.1 wheels/source expected for your target platforms to avoid supply-chain or resolution issues. distributed==2026.1.1 \ --hash=sha256:3d2709a43912797df3c345af3bb333bbf1a386ec1e9e6a134e5f050521373dbd \ --hash=sha256:506759b1ed88e45e12ba65e2a429de9911862db55d27dd8bb293c6268430374e Compatibility Check that the new distributed version remains compatible with the pinned dask version and any plugins/extensions used in the Jupyter image. distributed==2026.1.1 \ --hash=sha256:3d2709a43912797df3c345af3bb333bbf1a386ec1e9e6a134e5f050521373dbd \ --hash=sha256:506759b1ed88e45e12ba65e2a429de9911862db55d27dd8bb293c6268430374e

[pull-request-agent]

PR Code Suggestions ✨

No code suggestions found for the PR.