Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 6 directories with 5 updates #7

Closed
wants to merge 1 commit into from
Closed

Bump the pip group across 6 directories with 5 updates #7

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github May 20, 2024

Updates the requirements on numpy, pillow, requests, tensorflow and scikit-learn to permit the latest version.
Updates numpy from 1.18.1 to 1.22.0

Release notes

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

  • Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
  • A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
  • NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
  • New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
  • A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits

Updates pillow from 7.1.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

  • CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

  • Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

  • Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

  • Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

  • Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

  • Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

  • Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

  • Determine MPO size from markers, not EXIF data #7884 [radarhere]

  • Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

  • Support FITS images with GZIP_1 compression #7894 [radarhere]

  • Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

  • Raise ValueError if kmeans is negative #7891 [radarhere]

  • Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

  • Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

  • Added reading of JPEG2000 palettes #7870 [radarhere]

  • Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits
  • 5c89d88 10.3.0 version bump
  • 63cbfcf Update CHANGES.rst [ci skip]
  • 2776126 Merge pull request #7928 from python-pillow/lcms
  • aeb51cb Merge branch 'main' into lcms
  • 5beb0b6 Update CHANGES.rst [ci skip]
  • cac6ffa Merge pull request #7927 from python-pillow/imagemath
  • f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
  • facf3af Added release notes
  • 2a93aba Use strncpy to avoid buffer overflow
  • a670597 Update CHANGES.rst [ci skip]
  • Additional commits viewable in compare view

Updates requests from 2.22.0 to 2.32.0

Release notes

Sourced from requests's releases.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

  • Requests has officially added support for CPython 3.12 (#6503)
  • Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
  • Requests has officially dropped support for CPython 3.7 (#6642)
  • Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)

Documentation

  • Various typo fixes and doc improvements.

Packaging

  • Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#6506)
  • Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

New Contributors

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

  • Requests has officially added support for CPython 3.12 (#6503)
  • Requests has officially added support for PyPy 3.9 and 3.10 (#6641)
  • Requests has officially dropped support for CPython 3.7 (#6642)
  • Requests has officially dropped support for PyPy 3.7 and 3.8 (#6641)

Documentation

  • Various typo fixes and doc improvements.

Packaging

  • Requests has started adopting some modern packaging practices. The source files for the projects (formerly requests) is now located in src/requests in the Requests sdist. (#6506)
  • Starting in Requests 2.33.0, Requests will migrate to a PEP 517 build system using hatchling. This should not impact the average user, but extremely old versions of packaging utilities may have issues with the new packaging format.

2.31.0 (2023-05-22)

Security

... (truncated)

Commits
  • d6ebc4a v2.32.0
  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
  • bf24b7d Use an invalid URI that will not cause httpbin to throw 500
  • 2d5f547 Pin 3.8 and 3.9 runners back to macos-13 (#6688)
  • f1bb07d Merge pull request #6687 from psf/dependabot/github_actions/github/codeql-act...
  • 60047ad Bump github/codeql-action from 3.24.0 to 3.25.0
  • 31ebb81 Merge pull request #6682 from frenzymadness/pytest8
  • Additional commits viewable in compare view

Updates tensorflow from 1.15.4 to 2.11.1

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.11.1

Release 2.11.1

Note: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.

  • Security vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself steps. You can refer to the release notes of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.

This release also introduces several vulnerability fixes:

TensorFlow 2.11.0

Release 2.11.0

Breaking Changes

  • The tf.keras.optimizers.Optimizer base class now points to the new Keras optimizer, while the old optimizers have been moved to the tf.keras.optimizers.legacy namespace.

    If you find your workflow failing due to this change, you may be facing one of the following issues:

    • Checkpoint loading failure. The new optimizer handles optimizer state differently from the old optimizer, which simplifies the logic of checkpoint saving/loading, but at the cost of breaking checkpoint backward compatibility in some cases. If you want to keep using an old checkpoint, please change your optimizer to tf.keras.optimizer.legacy.XXX (e.g. tf.keras.optimizer.legacy.Adam).
    • TF1 compatibility. The new optimizer, tf.keras.optimizers.Optimizer, does not support TF1 any more, so please use the legacy optimizer tf.keras.optimizer.legacy.XXX. We highly recommend migrating your workflow to TF2 for stable support and new features.
    • Old optimizer API not found. The new optimizer, tf.keras.optimizers.Optimizer, has a different set of public APIs from the old optimizer. These API changes are mostly related to getting rid of slot variables and TF1 support. Please check the API documentation to find alternatives to the missing API. If you must call the deprecated API, please change your optimizer to the legacy optimizer.
    • Learning rate schedule access. When using a tf.keras.optimizers.schedules.LearningRateSchedule, the new optimizer's learning_rate property returns the current learning rate value instead of a LearningRateSchedule object as before. If you need to access the LearningRateSchedule object, please use optimizer._learning_rate.
    • If you implemented a custom optimizer based on the old optimizer. Please set your optimizer to subclass tf.keras.optimizer.legacy.XXX. If you want to migrate to the new optimizer and find it does not support your optimizer, please file an issue in the Keras GitHub repo.
    • Errors, such as Cannot recognize variable.... The new optimizer requires all optimizer variables to be created at the first apply_gradients() or minimize() call. If your workflow calls the optimizer to update different parts of the model in multiple stages, please call optimizer.build(model.trainable_variables) before the training loop.
    • Timeout or performance loss. We don't anticipate this to happen, but if you see such issues, please use the legacy optimizer, and file an issue in the Keras GitHub repo.

    The old Keras optimizer will never be deleted, but will not see any new feature additions. New optimizers (for example, tf.keras.optimizers.Adafactor) will only be implemented based on the new tf.keras.optimizers.Optimizer base class.

  • tensorflow/python/keras code is a legacy copy of Keras since the TensorFlow v2.7 release, and will be deleted in the v2.12 release. Please remove any import of tensorflow.python.keras and use the public API with from tensorflow import keras or import tensorflow as tf; tf.keras.

Major Features and Improvements

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.11.1

Note: TensorFlow 2.10 was the last TensorFlow release that supported GPU on native-Windows. Starting with TensorFlow 2.11, you will need to install TensorFlow in WSL2, or install tensorflow-cpu and, optionally, try the TensorFlow-DirectML-Plugin.

  • Security vulnerability fixes will no longer be patched to this Tensorflow version. The latest Tensorflow version includes the security vulnerability fixes. You can update to the latest version (recommended) or patch security vulnerabilities yourself steps. You can refer to the release notes of the latest Tensorflow version for a list of newly fixed vulnerabilities. If you have any questions, please create a GitHub issue to let us know.

This release also introduces several vulnerability fixes:

Release 2.11.0

Breaking Changes

  • tf.keras.optimizers.Optimizer now points to the new Keras optimizer, and old optimizers have moved to the tf.keras.optimizers.legacy namespace. If you find your workflow failing due to this change, you may be facing one of the following issues:

    • Checkpoint loading failure. The new optimizer handles optimizer state differently from the old optimizer, which simplies the logic of checkpoint saving/loading, but at the cost of breaking checkpoint backward compatibility in some cases. If you want to keep using an old checkpoint, please change your optimizer to tf.keras.optimizers.legacy.XXX (e.g. tf.keras.optimizers.legacy.Adam).
    • TF1 compatibility. The new optimizer does not support TF1 any more, so please use the legacy optimizer tf.keras.optimizer.legacy.XXX. We highly recommend to migrate your workflow to TF2 for stable support and new features.
    • API not found. The new optimizer has a different set of public APIs from the old optimizer. These API changes are mostly related to getting rid of slot variables and TF1 support. Please check the API

... (truncated)

Commits
  • a3e2c69 Merge pull request #60016 from tensorflow/fix-relnotes
  • 13b85dc Fix release notes
  • 48b18db Merge pull request #60014 from tensorflow/disable-test-that-ooms
  • eea48f5 Disable a test that results in OOM+segfault
  • a632584 Merge pull request #60000 from tensorflow/venkat-patch-3
  • 93dea7a Update RELEASE.md
  • a2ba9f1 Updating Release.md with Legal Language for Release Notes
  • fae41c7 Merge pull request #59998 from tensorflow/fix-bad-cherrypick-again
  • 2757416 Fix bad cherrypick
  • c78616f Merge pull request #59992 from tensorflow/fix-2.11-build
  • Additional commits viewable in compare view

Updates pillow from 6.2.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

  • CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

  • Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

  • Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

  • Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

  • Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

  • Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

  • Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

  • Determine MPO size from markers, not EXIF data #7884 [radarhere]

  • Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

  • Support FITS images with GZIP_1 compression #7894 [radarhere]

  • Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

  • Raise ValueError if kmeans is negative #7891 [radarhere]

  • Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

  • Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

  • Added reading of JPEG2000 palettes #7870 [radarhere]

  • Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits
  • 5c89d88 10.3.0 version bump
  • 63cbfcf Update CHANGES.rst [ci skip]
  • 2776126 Merge pull request #7928 from python-pillow/lcms
  • aeb51cb Merge branch 'main' into lcms
  • 5beb0b6 Update CHANGES.rst [ci skip]
  • cac6ffa Merge pull request #7927 from python-pillow/imagemath
  • f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
  • facf3af Added release notes
  • 2a93aba Use strncpy to avoid buffer overflow
  • a670597 Update CHANGES.rst [ci skip]
  • Additional commits viewable in compare view

Updates numpy to 1.26.4

Release notes

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

  • Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
  • A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
  • NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
  • New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
  • A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits

Updates scikit-learn from 0.20.3 to 0.23.1

Release notes

Source...

Description has been truncated

@dependabot
---
66db337 
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pillow
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tensorflow
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pillow
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: numpy
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels May 20, 2024
@dependabot dependabot bot mentioned this pull request May 20, 2024
Closed
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github May 23, 2024

Superseded by #8.

@dependabot dependabot bot closed this May 23, 2024
@dependabot dependabot bot deleted the dependabot/pip/docs/samples/custom/kfserving-custom-model/model-server/pip-41be3fbd47 branch May 23, 2024 17:22
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants