Bump the pip group across 1 directory with 19 updates #3

dependabot · 2025-04-15T23:46:38Z

Bumps the pip group with 18 updates in the /demos/palm/python/docs-agent directory:

Package	From	To
black	`23.12.0`	`24.3.0`
flask-cors	`3.0.10`	`4.0.2`
certifi	`2023.11.17`	`2024.7.4`
idna	`3.6`	`3.7`
jinja2	`3.1.2`	`3.1.6`
keras	`2.9.0`	`3.9.0`
nltk	`3.8.1`	`3.9.1`
pillow	`10.1.0`	`10.3.0`
requests	`2.31.0`	`2.32.2`
scikit-learn	`1.3.2`	`1.5.1`
setuptools	`69.0.2`	`70.0.0`
starlette	`0.27.0`	`0.40.0`
torch	`2.1.1`	`2.6.0`
tqdm	`4.66.1`	`4.66.3`
transformers	`4.36.0`	`4.48.0`
urllib3	`2.1.0`	`2.2.2`
werkzeug	`3.0.1`	`3.0.6`
zipp	`3.17.0`	`3.19.1`

Updates black from 23.12.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)

Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)

Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)

Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)

Checking for newline before adding one on docstring that is almost at the line limit (#4185)

Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

Don't move comments along with delimiters, which could cause crashes (#4248)

Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)

Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)

Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)

Checking for newline before adding one on docstring that is almost at the line limit (#4185)

Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

552baf8 Prepare release 24.3.0 (#4279)
f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
1abcffc Use regex where we ignore case on windows (#4252)
719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
e5510af update plugin url for Thonny (#4259)
6af7d11 Fix AST safety check false negative (#4270)
f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
e4bfedb fix: Don't move comments while splitting delimiters (#4248)
d0287e1 Make trailing comma logic more concise (#4202)
Additional commits viewable in compare view

Updates flask-cors from 3.0.10 to 4.0.2

Release notes

Sourced from flask-cors's releases.

4.0.2

What's Changed

Bump requests from 2.31.0 to 2.32.0 in /docs by @dependabot in corydolphin/flask-cors#358

Backwards Compatible Fix for CVE-2024-6221 by @adrianosela in corydolphin/flask-cors#363

Add unit tests for Private-Network by @corydolphin in corydolphin/flask-cors#367

New Contributors

@dependabot made their first contribution in corydolphin/flask-cors#358

@adrianosela made their first contribution in corydolphin/flask-cors#363

Full Changelog: corydolphin/flask-cors@4.0.1...4.0.2

4.0.1

What's Changed

Fix Read the Docs builds by @kurtmckee in corydolphin/flask-cors#345

Update extension.py to clean request.path before logging it by @aneshujevic in corydolphin/flask-cors#351

Update CI to include Python 3.12 and flask 3.0.3 by @corydolphin in corydolphin/flask-cors#354

Release 4.0.1 by @corydolphin in corydolphin/flask-cors#353

New Contributors

@kurtmckee made their first contribution in corydolphin/flask-cors#345

@aneshujevic made their first contribution in corydolphin/flask-cors#351

Full Changelog: corydolphin/flask-cors@4.0.0...4.0.1

Release 4.0.0

What's Changed

Remove support for Python versions older than 3.8 by @WAKayser in corydolphin/flask-cors#330

Add GHA tooling by @corydolphin in corydolphin/flask-cors#331

New Contributors

@WAKayser made their first contribution in corydolphin/flask-cors#330

Full Changelog: corydolphin/flask-cors@3.1.01...v4.0.0

3.1.01

What's Changed

Include examples to specify that schema and port must be included in … by @YPCrumble in corydolphin/flask-cors#294

two small changes to the documentation, based on issue #290 by @bbbart in corydolphin/flask-cors#291

Fix typo by @sunarch in corydolphin/flask-cors#304

FIX: typo in CSRF by @sattamjh in corydolphin/flask-cors#315

Test against recent Python versions by @pylipp in corydolphin/flask-cors#314

Correct spelling mistakes by @EdwardBetts in corydolphin/flask-cors#311

'Access-Control-Allow-Private-Network = true' header for http response by @chelo-kjml in corydolphin/flask-cors#318

docs: Fix a few typos by @timgates42 in corydolphin/flask-cors#323

[Docs] Fix typo in configuration documentation by @sachit-shroff in corydolphin/flask-cors#316

Release Version 3.1.01 by @corydolphin in corydolphin/flask-cors#329

New Contributors

@YPCrumble made their first contribution in corydolphin/flask-cors#294

... (truncated)

Changelog

Sourced from flask-cors's changelog.

Change Log

4.0.1

Security

Address CVE-2024-1681 which is a log injection vulnerability when the log level is set to debug by @aneshujevic in corydolphin/flask-cors#351

4.0.0

Remove support for Python versions older than 3.8 by @WAKayser in corydolphin/flask-cors#330

Add GHA tooling by @corydolphin in corydolphin/flask-cors#331

3.1.01

Include examples to specify that schema and port must be included in … by @YPCrumble in corydolphin/flask-cors#294

two small changes to the documentation, based on issue #290 by @bbbart in corydolphin/flask-cors#291

Fix typo by @sunarch in corydolphin/flask-cors#304

FIX: typo in CSRF by @sattamjh in corydolphin/flask-cors#315

Test against recent Python versions by @pylipp in corydolphin/flask-cors#314

Correct spelling mistakes by @EdwardBetts in corydolphin/flask-cors#311

'Access-Control-Allow-Private-Network = true' header for http response by @chelo-kjml in corydolphin/flask-cors#318

docs: Fix a few typos by @timgates42 in corydolphin/flask-cors#323

[Docs] Fix typo in configuration documentation by @sachit-shroff in corydolphin/flask-cors#316

Commits

561ed26 Add unit tests for Private-Network (#367)
7ae310c Backwards Compatible Fix for CVE-2024-6221 (#363)
f25c6b2 --- (#358)
1df178c Release 0.4.1 (#353)
5090b4a Update CI to include Python 3.12 and flask 3.0.3 (#354)
6172c20 Update extension.py to clean request.path before logging it (#351)
cadade9 Fix Read the Docs builds (#345)
40acc80 Update CHANGELOG to reflect 4.0.0 release (#335)
dbabb27 Testing: Move from deprecated assertEquals to assertEqual (#332)
0b74401 Convert CI to use GHA (#331)
Additional commits viewable in compare view

Updates certifi from 2023.11.17 to 2024.7.4

Commits

bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
124f4ad 2024.06.02 (#291)
c2196ce --- (#290)
fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
Additional commits viewable in compare view

Updates idna from 3.6 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Commits

1d365e1 Release v3.7
c1b3154 Merge pull request #172 from kjd/optimize-contextj
0394ec7 Merge branch 'master' into optimize-contextj
cd58a23 Merge pull request #152 from elliotwutingfeng/dev
5beb28b More efficient resolution of joiner contexts
1b12148 Update ossf/scorecard-action to v2.3.1
d516b87 Update Github actions/checkout to v4
c095c75 Merge branch 'master' into dev
60a0a4c Fix typo in GitHub Actions workflow key
5918a0e Merge branch 'master' into dev
Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h

Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699

Sandbox does not allow clear and pop on known mutable sequence types. #2032

Calling sync render for an async template uses asyncio.run. #1952

Avoid unclosed auto_aiter warnings. #1960

Return an aclose-able AsyncGenerator from Template.generate_async. #1960

Avoid leaving root_render_func() unclosed in Template.generate_async. #1960

Avoid leaving async generators unclosed in blocks, includes and extends. #1960

The runtime uses the correct concat function for the current environment when calling block references. #1701

Make |unique async-aware, allowing it to be used after another async-aware filter. #1781

|int filter handles OverflowError from scientific notation. #1921

Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021

Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025

Fix copy/pickle support for the internal missing object. #2027

Environment.overlay(enable_async) is applied correctly. #2061

The error message from FileSystemLoader includes the paths that were searched. #1661

PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705

Improve annotations for methods returning copies. #1880

urlize does not add mailto: to values like @a@b. #1870

Tests decorated with @pass_context can be used with the |select filter. #1624

Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413

Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

... (truncated)

Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5

Released 2024-12-21

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h

Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699

Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032

Calling sync render for an async template uses asyncio.run. :pr:1952

Avoid unclosed auto_aiter warnings. :pr:1960

Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960

Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960

Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960

The runtime uses the correct concat function for the current environment when calling block references. :issue:1701

Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781

|int filter handles OverflowError from scientific notation. :issue:1921

Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021

Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025

Fix copy/pickle support for the internal missing object. :issue:2027

Environment.overlay(enable_async) is applied correctly. :pr:2061

The error message from FileSystemLoader includes the paths that were searched. :issue:1661

PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705

Improve annotations for methods returning copies. :pr:1880

urlize does not add mailto: to values like @a@b. :pr:1870

... (truncated)

Commits

1520688 release version 3.1.6
90457bb Merge commit from fork
065334d attr filter uses env.getattr
033c200 start version 3.1.6
bc68d4e use global contributing guide (#2070)
247de5e use global contributing guide
ab8218c use project advisory link instead of global
b4ffc8f release version 3.1.5 (#2066)
877f6e5 release version 3.1.5
8d58859 remove test pypi
Additional commits viewable in compare view

Updates keras from 2.9.0 to 3.9.0

Release notes

Sourced from keras's releases.

Keras 3.9.0

New features

Add new Keras rematerialization API: keras.RematScope and keras.remat. It can be used to turn on rematerizaliation for certain layers in fine-grained manner, e.g. only for layers larger than a certain size, or for a specific set of layers, or only for activations.

Increase op coverage for OpenVINO backend.

New operations:

keras.ops.rot90

keras.ops.rearrange (Einops-style)

keras.ops.signbit

keras.ops.polar

keras.ops.image.perspective_transform

keras.ops.image.gaussian_blur

New layers:

keras.layers.RMSNormalization

keras.layers.AugMix

keras.layers.CutMix

keras.layers.RandomInvert

keras.layers.RandomErasing

keras.layers.RandomGaussianBlur

keras.layers.RandomPerspective

Minor additions:

Add support for dtype argument to JaxLayer and FlaxLayer layers

Add boolean input support to BinaryAccuracy metric

Add antialias argument to keras.layers.Resizing layer.

Security fix: disallow object pickling in saved npz model files (numpy format). Thanks to Peng Zhou for reporting the vulnerability.

New Contributors

@harshaljanjani made their first contribution in keras-team/keras#20745

@doncarlos999 made their first contribution in keras-team/keras#20641

@sonali-kumari1 made their first contribution in keras-team/keras#20775

@jurca made their first contribution in keras-team/keras#20810

@zskendall made their first contribution in keras-team/keras#20805

@apehex made their first contribution in keras-team/keras#20803

@nikolasavic3 made their first contribution in keras-team/keras#20896

@ibraaaa made their first contribution in keras-team/keras#20926

@AsVoider made their first contribution in keras-team/keras#20921

@abheesht17 made their first contribution in keras-team/keras#20932

@Mohamed-Ashraf273 made their first contribution in keras-team/keras#20934

@kuanxian1 made their first contribution in keras-team/keras#20951

@praveenhosdrug123 made their first contribution in keras-team/keras#20916

Full Changelog: keras-team/keras@v3.8.0...v3.9.0

Keras 3.8.0

New: OpenVINO backend

OpenVINO is now available as an infererence-only Keras backend. You can start using it by setting the backend field to "openvino" in your keras.json config file.

... (truncated)

Commits

eb1f844 Fix Discretization serialization when num_bins is used. (#20971)
19b1418 Enable cuDNN RNNs when dropout is set and training=True (#20983)
465a3d2 Update version number
2688bfc Fix docstring
ff427e5 [Keras Ops and Layer] Add keras.ops.rms_norm() and keras.layers.RMSNormalizat...
f7115c2 Fix PyTorch stateful RNN/LSTM gradient computation error resolves #20875 (#20...
7a7bca6 [OpenVINO backend] Support numpy.append (#20951)
c356cae Bump the github-actions group with 3 updates (#20975)
0902ff4 [OpenVino BackEnd]support np.count_nonzero for ov BackEnd (#20945)
21c8997 Make gaussian_blur to use scipy convolve2d (#20974)
Additional commits viewable in compare view

Updates nltk from 3.8.1 to 3.9.1

Changelog

Sourced from nltk's changelog.

Version 3.9.2 2025-03-10

Minor fixes including:

properly initialize Portuguese corpus reader

support for mixed rules conversion into Chomsky Normal Form

only import tkinter if a GUI is needed

issue #2112 with Corenlp

new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL

Lesk defaults to most frequent sense in case of ties

Thanks to the following contributions to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq

Version 3.9.1 2024-08-19

Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

Fix security vulnerability CVE-2024-39705 (breaking change)

Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages

No longer sort Wordnet synsets and relations (sort in calling function when required)

Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results

Add Python 3.12 support

Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

Resolve RCE vulnerability in localhost WordNet Browser (#3100)

Remove unused tool scripts (#3099)

Resolve XSS vulnerability in localhost WordNet Browser (#3096)

Add Python 3.11 support (#3090)

Thanks to the following contributors to 3.8.1: Francis Bond, John Vandenberg, Tom Aarsen

Version 3.8 2022-12-12

Refactor dispersion plot (#3082)

Provide type hints for LazyCorpusLoader variables (#3081)

Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080)

Fix WordNet's all_synsets() function (#3078)

Resolve TreebankWordDetokenizer inconsistency with end-of-string contractions (#3070)

Support both iso639-3 codes and BCP-47 language tags (#3060)

Avoid DeprecationWarning in Regexp tokenizer (#3055)

Fix many doctests, add doctests to CI (#3054, #3050, #3048)

Fix bool field not being read in VerbNet (#3044)

... (truncated)

Commits

aca78cb Bump version to 3.9.1
980f435 Merge branch 'develop' of https://github.com/nltk/nltk into develop
24936a2 Bump version to 3.9
04d6a55 Merge pull request #3145 from ekaf/hotfix-3072
4fb225b Merge pull request #3225 from ekaf/morphy
344164b Merge pull request #3307 from ekaf/https_download
f77e898 Ensure https download
c222897 Merge branch 'develop' of https://github.com/nltk/nltk into develop
34c3a4a Merge branch 'develop' of https://github.com/nltk/nltk into develop
253dd3a add black
Additional commits viewable in compare view

Updates pillow from 10.1.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Deprecations

Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [@hugovk]

Deprecate ImageCms constants and versions() function #7702 [@nulano]

Changes

CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@hugovk]

Use functools.lru_cache for hopper() #7912 [@hugovk]

Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@radarhere]

Improve speed of loading QOI images #7925 [@radarhere]

Added RGB to I;16N conversion #7920 [@radarhere]

Add --report argument to main.py to omit supported formats #7818 [@nulano]

Added RGB to I;16, I;16L and I;16B conversion #7918 [@radarhere]

Fix editable installation with custom build backend and configuration options #7658 [@nulano]

Fix putdata() for I;16N on big-endian #7209 [@Yay295]

Determine MPO size from markers, not EXIF data #7884 [@radarhere]

Improved conversion from RGB to RGBa, LA and La #7888 [@radarhere]

Support FITS images with GZIP_1 compression #7894 [@radarhere]

Use I;16 mode for 9-bit JPEG 2000 images #7900 [@scaramallion]

Raise ValueError if kmeans is negative #7891 [@radarhere]

Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@radarhere]

Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@radarhere]

Added reading of JPEG2000 palettes #7870 [@radarhere]

Added alpha_quality argument when saving WebP images #7872 [@radarhere]

Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@radarhere]

Removed Python and NumPy pinning on Cygwin #7880 [@radarhere]

Update UnidentifiedImageError and version imports #7644 [@radarhere]

Stop reading EPS image at EOF marker #7753 [@radarhere]

PSD layer co-ordinates may be negative #7706 [@radarhere]

Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@radarhere]

When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@radarhere]

Fixed reading PNG iCCP compression method #7823 [@radarhere]

Allow writing IFDRational to UNDEFINED tag #7840 [@radarhere]

Fix logged tag name when loading Exif data #7842 [@radarhere]

Use maximum frame size in IHDR chunk when saving APNG images #7821 [@radarhere]

Prevent opening P TGA images without a palette #7797 [@radarhere]

Use palette when loading ICO images #7798 [@radarhere]

Use consistent arguments for load_read and load_seek #7713 [@radarhere]

Turn off nullability warnings for macOS SDK #7827 [@radarhere]

Fix shift-sign issue in Convert.c #7838 [@r-barnes]

winbuild: Refactor dependency versions into constants #7843 [@hugovk]

Build macOS arm64 wheels natively #7852 [@radarhere]

Fixed typo #7855 [@radarhere]

Open 16-bit grayscale PNGs as I;16 #7849 [@radarhere]

Handle truncated chunks at the end of PNG images #7709 [@lajiyuan]

Match mask size to pasted image size in GifImagePlugin #7779 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

Determine MPO size from markers, not EXIF data #7884 [radarhere]

Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

Support FITS images with GZIP_1 compression #7894 [radarhere]

Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

Raise ValueError if kmeans is negative Description has been truncated

Bumps the pip group with 18 updates in the /demos/palm/python/docs-agent directory: | Package | From | To | | --- | --- | --- | | [black](https://github.com/psf/black) | `23.12.0` | `24.3.0` | | [flask-cors](https://github.com/corydolphin/flask-cors) | `3.0.10` | `4.0.2` | | [certifi](https://github.com/certifi/python-certifi) | `2023.11.17` | `2024.7.4` | | [idna](https://github.com/kjd/idna) | `3.6` | `3.7` | | [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` | | [keras](https://github.com/keras-team/keras) | `2.9.0` | `3.9.0` | | [nltk](https://github.com/nltk/nltk) | `3.8.1` | `3.9.1` | | [pillow](https://github.com/python-pillow/Pillow) | `10.1.0` | `10.3.0` | | [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.2` | | [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.3.2` | `1.5.1` | | [setuptools](https://github.com/pypa/setuptools) | `69.0.2` | `70.0.0` | | [starlette](https://github.com/encode/starlette) | `0.27.0` | `0.40.0` | | [torch](https://github.com/pytorch/pytorch) | `2.1.1` | `2.6.0` | | [tqdm](https://github.com/tqdm/tqdm) | `4.66.1` | `4.66.3` | | [transformers](https://github.com/huggingface/transformers) | `4.36.0` | `4.48.0` | | [urllib3](https://github.com/urllib3/urllib3) | `2.1.0` | `2.2.2` | | [werkzeug](https://github.com/pallets/werkzeug) | `3.0.1` | `3.0.6` | | [zipp](https://github.com/jaraco/zipp) | `3.17.0` | `3.19.1` | Updates `black` from 23.12.0 to 24.3.0 - [Release notes](https://github.com/psf/black/releases) - [Changelog](https://github.com/psf/black/blob/main/CHANGES.md) - [Commits](psf/black@23.12.0...24.3.0) Updates `flask-cors` from 3.0.10 to 4.0.2 - [Release notes](https://github.com/corydolphin/flask-cors/releases) - [Changelog](https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md) - [Commits](corydolphin/flask-cors@3.0.10...4.0.2) Updates `certifi` from 2023.11.17 to 2024.7.4 - [Commits](certifi/python-certifi@2023.11.17...2024.07.04) Updates `idna` from 3.6 to 3.7 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.6...v3.7) Updates `jinja2` from 3.1.2 to 3.1.6 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.6) Updates `keras` from 2.9.0 to 3.9.0 - [Release notes](https://github.com/keras-team/keras/releases) - [Commits](keras-team/keras@v2.9.0...v3.9.0) Updates `nltk` from 3.8.1 to 3.9.1 - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog) - [Commits](nltk/nltk@3.8.1...3.9.1) Updates `pillow` from 10.1.0 to 10.3.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.1.0...10.3.0) Updates `requests` from 2.31.0 to 2.32.2 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.31.0...v2.32.2) Updates `scikit-learn` from 1.3.2 to 1.5.1 - [Release notes](https://github.com/scikit-learn/scikit-learn/releases) - [Commits](scikit-learn/scikit-learn@1.3.2...1.5.1) Updates `setuptools` from 69.0.2 to 70.0.0 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v69.0.2...v70.0.0) Updates `starlette` from 0.27.0 to 0.40.0 - [Release notes](https://github.com/encode/starlette/releases) - [Changelog](https://github.com/encode/starlette/blob/master/docs/release-notes.md) - [Commits](encode/starlette@0.27.0...0.40.0) Updates `tensorflow` from 2.9.0 to 2.0.2 - [Release notes](https://github.com/tensorflow/tensorflow/releases) - [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md) - [Commits](tensorflow/tensorflow@v2.9.0...v2.0.2) Updates `torch` from 2.1.1 to 2.6.0 - [Release notes](https://github.com/pytorch/pytorch/releases) - [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md) - [Commits](pytorch/pytorch@v2.1.1...v2.6.0) Updates `tqdm` from 4.66.1 to 4.66.3 - [Release notes](https://github.com/tqdm/tqdm/releases) - [Commits](tqdm/tqdm@v4.66.1...v4.66.3) Updates `transformers` from 4.36.0 to 4.48.0 - [Release notes](https://github.com/huggingface/transformers/releases) - [Commits](huggingface/transformers@v4.36.0...v4.48.0) Updates `urllib3` from 2.1.0 to 2.2.2 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.1.0...2.2.2) Updates `werkzeug` from 3.0.1 to 3.0.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@3.0.1...3.0.6) Updates `zipp` from 3.17.0 to 3.19.1 - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](jaraco/zipp@v3.17.0...v3.19.1) --- updated-dependencies: - dependency-name: black dependency-version: 24.3.0 dependency-type: direct:development dependency-group: pip - dependency-name: flask-cors dependency-version: 4.0.2 dependency-type: direct:development dependency-group: pip - dependency-name: certifi dependency-version: 2024.7.4 dependency-type: indirect dependency-group: pip - dependency-name: idna dependency-version: '3.7' dependency-type: indirect dependency-group: pip - dependency-name: jinja2 dependency-version: 3.1.6 dependency-type: indirect dependency-group: pip - dependency-name: keras dependency-version: 3.9.0 dependency-type: indirect dependency-group: pip - dependency-name: nltk dependency-version: 3.9.1 dependency-type: indirect dependency-group: pip - dependency-name: pillow dependency-version: 10.3.0 dependency-type: indirect dependency-group: pip - dependency-name: requests dependency-version: 2.32.2 dependency-type: indirect dependency-group: pip - dependency-name: scikit-learn dependency-version: 1.5.1 dependency-type: indirect dependency-group: pip - dependency-name: setuptools dependency-version: 70.0.0 dependency-type: indirect dependency-group: pip - dependency-name: starlette dependency-version: 0.40.0 dependency-type: indirect dependency-group: pip - dependency-name: tensorflow dependency-version: 2.0.2 dependency-type: indirect dependency-group: pip - dependency-name: torch dependency-version: 2.6.0 dependency-type: indirect dependency-group: pip - dependency-name: tqdm dependency-version: 4.66.3 dependency-type: indirect dependency-group: pip - dependency-name: transformers dependency-version: 4.48.0 dependency-type: indirect dependency-group: pip - dependency-name: urllib3 dependency-version: 2.2.2 dependency-type: indirect dependency-group: pip - dependency-name: werkzeug dependency-version: 3.0.6 dependency-type: indirect dependency-group: pip - dependency-name: zipp dependency-version: 3.19.1 dependency-type: indirect dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

codesandbox · 2025-04-15T23:46:41Z

Review or Edit in CodeSandbox

Open the branch in Web Editor • VS Code • Insiders

Open Preview

dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 15, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Bump the pip group across 1 directory with 19 updates #3

Bump the pip group across 1 directory with 19 updates #3

Uh oh!

dependabot bot commented on behalf of github Apr 15, 2025

Uh oh!

codesandbox bot commented Apr 15, 2025

Uh oh!

Uh oh!

Bump the pip group across 1 directory with 19 updates #3

Are you sure you want to change the base?

Bump the pip group across 1 directory with 19 updates #3

Uh oh!

Conversation

dependabot bot commented on behalf of github Apr 15, 2025

24.3.0

Highlights

Stable style

Performance

Documentation

24.2.0

Stable style

Preview style

Configuration

24.3.0

Highlights

Stable style

Performance

Documentation

24.2.0

Stable style

Preview style

4.0.2

What's Changed

New Contributors

4.0.1

What's Changed

New Contributors

Release 4.0.0

What's Changed

New Contributors

3.1.01

What's Changed

New Contributors

Change Log

4.0.1

Security

4.0.0

3.1.01

v3.7

What's Changed

3.1.6

3.1.5

3.1.4

3.1.3

Version 3.1.6

Version 3.1.5

Keras 3.9.0

New features

New Contributors

Keras 3.8.0

New: OpenVINO backend

10.3.0

Deprecations

Changes

10.3.0 (2024-04-01)

Uh oh!

codesandbox bot commented Apr 15, 2025

Review or Edit in CodeSandbox

Uh oh!

Uh oh!