Skip to content

Bump the pip group across 1 directory with 6 updates #1

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Bump the pip group across 1 directory with 6 updates #1

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Feb 14, 2025

Bumps the pip group with 6 updates in the / directory:

Package From To
flask 2.2.3 2.2.5
keras 2.12.0 3.8.0
nltk 3.7 3.9
requests 2.27.1 2.32.2
streamlit 1.22.0 1.37.0
tensorflow 2.12.0 2.12.1

Updates flask from 2.2.3 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

2.2.4

This is a fix release for the 2.2.x release branch.

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.
Commits

Updates keras from 2.12.0 to 3.8.0

Release notes

Sourced from keras's releases.

Keras 3.8.0

New: OpenVINO backend

OpenVINO is now available as an infererence-only Keras backend. You can start using it by setting the backend field to "openvino" in your keras.json config file.

OpenVINO is a deep learning inference-only framework tailored for CPU (x86, ARM), certain GPUs (OpenCL capable, integrated and discrete) and certain AI accelerators (Intel NPU).

Because OpenVINO does not support gradients, you cannot use it for training (e.g. model.fit()) -- only inference. You can train your models with the JAX/TensorFlow/PyTorch backends, and when trained, reload them with the OpenVINO backend for inference on a target device supported by OpenVINO.

New: ONNX model export

You can now export your Keras models to the ONNX format from the JAX, TensorFlow, and PyTorch backends.

Just pass format="onnx" in your model.export() call:

# Export the model as a ONNX artifact
model.export("path/to/location", format="onnx")
Load the artifact in a different process/environment
ort_session = onnxruntime.InferenceSession("path/to/location")
Run inference
ort_inputs = {
k.name: v for k, v in zip(ort_session.get_inputs(), input_data)
}
predictions = ort_session.run(None, ort_inputs)

New: Scikit-Learn API compatibility interface

It's now possible to easily integrate Keras models into Sciki-Learn pipelines! The following wrapper classes are available:

  • keras.wrappers.SKLearnClassifier: implements the sklearn Classifier API
  • keras.wrappers.SKLearnRegressor: implements the sklearn Regressor API
  • keras.wrappers.SKLearnTransformer: implements the sklearn Transformer API

Other feature additions

  • Add new ops:
    • Add keras.ops.diagflat
    • Add keras.ops.unravel_index
  • Add new activations:
    • Add sparse_plus activation
    • Add sparsemax activation
  • Add new image augmentation and preprocessing layers:
    • Add keras.layers.RandAugment
    • Add keras.layers.Equalization
    • Add keras.layers.MixUp

... (truncated)

Commits

Updates nltk from 3.7 to 3.9

Changelog

Sourced from nltk's changelog.

Version 3.9.1 2024-08-19

  • Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

  • Fix security vulnerability CVE-2024-39705 (breaking change)
  • Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
  • No longer sort Wordnet synsets and relations (sort in calling function when required)
  • Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
  • Add Python 3.12 support
  • Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

  • Resolve RCE vulnerability in localhost WordNet Browser (#3100)
  • Remove unused tool scripts (#3099)
  • Resolve XSS vulnerability in localhost WordNet Browser (#3096)
  • Add Python 3.11 support (#3090)

Thanks to the following contributors to 3.8.1: Francis Bond, John Vandenberg, Tom Aarsen

Version 3.8 2022-12-12

  • Refactor dispersion plot (#3082)
  • Provide type hints for LazyCorpusLoader variables (#3081)
  • Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080)
  • Fix WordNet's all_synsets() function (#3078)
  • Resolve TreebankWordDetokenizer inconsistency with end-of-string contractions (#3070)
  • Support both iso639-3 codes and BCP-47 language tags (#3060)
  • Avoid DeprecationWarning in Regexp tokenizer (#3055)
  • Fix many doctests, add doctests to CI (#3054, #3050, #3048)
  • Fix bool field not being read in VerbNet (#3044)
  • Greatly improve time efficiency of SyllableTokenizer when tokenizing numbers (#3042)
  • Fix encodings of Polish udhr corpus reader (#3038)
  • Allow TweetTokenizer to tokenize emoji flag sequences (#3034)
  • Prevent LazyModule from increasing the size of nltk.dict (#3033)
  • Fix CoreNLPServer non-default port issue (#3031)
  • Add "acion" suffix to the Spanish SnowballStemmer (#3030)
  • Allow loading WordNet without OMW (#3026)
  • Use input() in nltk.chat.chatbot() for Jupyter support (#3022)
  • Fix edit_distance_align() in distance.py (#3017)
  • Tackle performance and accuracy regression of sentence tokenizer since NLTK 3.6.6 (#3014)
  • Add the Iota operator to semantic logic (#3010)
  • Resolve critical errors in WordNet app (#3008)
  • Resolve critical error in CHILDES Corpus (#2998)
  • Make WordNet information_content() accept adjective satellites (#2995)

... (truncated)

Commits

Updates requests from 2.27.1 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • 970e8ce v2.32.1
  • d6ebc4a v2.32.0
  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
  • Additional commits viewable in compare view

Updates streamlit from 1.22.0 to 1.37.0

Release notes

Sourced from streamlit's releases.

1.37.0

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

Full Changelog: streamlit/streamlit@1.36.0...1.37.0

1.36.0

What's Changed

... (truncated)

Commits
  • e2c3c93 Up version to 1.37.0
  • 88389e3 Docstrings for 1.37.0 (#9115)
  • 898fd80 Temp solution to fix invalid material icon error rendering (#9113)
  • b2c88c6 Reset ctx.current_fragment_id to last ID instead of None (#9114)
  • 3a63985 Validate the path using Tornado before performing checks (#8990)
  • 40303e1 Move the filled star icon for feedback widget from python code to web app (#9...
  • 6296baf Update the feedback widget design (#9094)
  • b9c3521 Fixes two st.map width bugs (#9070)
  • a2ae47a Only expose selected objects in components module (#8873)
  • 340f3f7 De-experimentalize st.dialog (#9020)
  • Additional commits viewable in compare view

Updates tensorflow from 2.12.0 to 2.12.1

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.12.1

Release 2.12.1

Bug Fixes and Other Changes

  • The use of the ambe config to build and test aarch64 is not needed. The ambe config will be removed in the future. Making cpu_arm64_pip.sh and cpu_arm64_nonpip.sh more similar for easier future maintenance.
Changelog

Sourced from tensorflow's changelog.

Release 2.12.1

Bug Fixes and Other Changes

  • The use of the ambe config to build and test aarch64 is not needed. The ambe config will be removed in the future. Making cpu_arm64_pip.sh and cpu_arm64_nonpip.sh more similar for easier future maintenance.
Commits
  • 8e2b665 Merge pull request #61094 from tensorflow/venkat-patch-444
  • 02478f0 Fix unit test failure caused by numpy update
  • 2cd9b41 Merge pull request #61082 from tensorflow/venkat-patch-333
  • 7995c95 Updating Simplified retry logic to DNS cache
  • 29479ed Merge pull request #60872 from tensorflow/r2.12-c45a6c0b1cb
  • e76a933 Simplified retry logic to DNS cache
  • 76addf7 Merge pull request #60850 from elfringham/non_pip_fix
  • 05987a8 [Linaro:ARM_CI] Fix permissions for running nonpip tests
  • 23724d2 Merge pull request #60842 from elfringham/r2.12
  • 496730b Limit typing_extensions to less than 4.6.0 until it works
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 6 updates
ce71e1e 
Bumps the pip group with 6 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [flask](https://github.com/pallets/flask) | `2.2.3` | `2.2.5` |
| [keras](https://github.com/keras-team/keras) | `2.12.0` | `3.8.0` |
| [nltk](https://github.com/nltk/nltk) | `3.7` | `3.9` |
| [requests](https://github.com/psf/requests) | `2.27.1` | `2.32.2` |
| [streamlit](https://github.com/streamlit/streamlit) | `1.22.0` | `1.37.0` |
| [tensorflow](https://github.com/tensorflow/tensorflow) | `2.12.0` | `2.12.1` |



Updates `flask` from 2.2.3 to 2.2.5
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@2.2.3...2.2.5)

Updates `keras` from 2.12.0 to 3.8.0
- [Release notes](https://github.com/keras-team/keras/releases)
- [Commits](keras-team/keras@v2.12.0...v3.8.0)

Updates `nltk` from 3.7 to 3.9
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.7...3.9)

Updates `requests` from 2.27.1 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.27.1...v2.32.2)

Updates `streamlit` from 1.22.0 to 1.37.0
- [Release notes](https://github.com/streamlit/streamlit/releases)
- [Commits](streamlit/streamlit@1.22.0...1.37.0)

Updates `tensorflow` from 2.12.0 to 2.12.1
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](tensorflow/tensorflow@v2.12.0...v2.12.1)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: keras
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: nltk
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: streamlit
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tensorflow
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 14, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants