⬆️ Bump the pip group with 17 updates by dependabot[bot] · Pull Request #39 · futabato/FutabatedLearning

dependabot · 2024-07-15T19:23:57Z

Bumps the pip group with 17 updates:

Package	From	To
scikit-learn	`1.3.0`	`1.5.0`
mlflow	`2.10.2`	`2.14.2`
pillow	`9.5.0`	`10.3.0`
certifi	`2023.7.22`	`2024.7.4`
fonttools	`4.42.1`	`4.43.0`
gitpython	`3.1.32`	`3.1.41`
gunicorn	`21.2.0`	`22.0.0`
idna	`3.4`	`3.7`
jinja2	`3.1.2`	`3.1.4`
pyarrow	`12.0.1`	`14.0.1`
requests	`2.31.0`	`2.32.2`
setuptools	`69.0.3`	`70.0.0`
sqlparse	`0.4.4`	`0.5.0`
tornado	`6.4`	`6.4.1`
urllib3	`2.0.4`	`2.2.2`
werkzeug	`2.3.7`	`3.0.3`
zipp	`3.16.2`	`3.19.1`

Updates scikit-learn from 1.3.0 to 1.5.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.5.0

We're happy to announce the 1.5.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.5.html

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:
pip install -U scikit-learn
The conda-forge builds can be installed using:
conda install -c conda-forge scikit-learn
Scikit-learn 1.4.2

We're happy to announce the 1.4.2 release.

This release only includes support for numpy 2.

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:
pip install -U scikit-learn
Scikit-learn 1.4.1.post1

We're happy to announce the 1.4.1.post1 release.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:
pip install -U scikit-learn
The conda-forge builds can be installed using:
conda install -c conda-forge scikit-learn

... (truncated)

Commits

b51d0c9 trigger whell builder [cd build]
919ae9b MAINT Reoder what's new for 1.5 (#29039)
0ac28ad DOC Release highlights 1.5 (#29007)
729b54d test py3.12 against numpy 2 [cd build]
1e50434 set version
ffbe4ab DOC remove obsolete SVM example (#27108)
4647729 DOC Fix time complexity of MLP (#28592)
9bd7047 FIX convergence criterion of MeanShift (#28951)
b79420f FIX add long long for int32/int64 windows compat in NumPy 2.0 (#29029)
37f544d DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...
Additional commits viewable in compare view

Updates mlflow from 2.10.2 to 2.14.2

Release notes

Sourced from mlflow's releases.

MLflow 2.14.2 is a patch release that includes several important bug fixes and documentation enhancements.

Bug fixes:

[Models] Fix an issue with requirements inference error handling when disabling the default warning-only behavior (#12547, @B-Step62)

[Models] Fix dependency inference issues with Transformers models saved with the unified API llm/v1/xxx task definitions. (#12551, @B-Step62)

[Models / Databricks] Fix an issue with MLlfow log_model introduced in MLflow 2.13.0 that causes Databricks DLT service to crash in some situations (#12514, @WeichenXu123)

[Models] Fix an output data structure issue with the predict_stream implementation for LangChain AgentExecutor and other non-Runnable chains (#12518, @B-Step62)

[Tracking] Fix an issue with the predict_proba inference method in the sklearn flavor when loading an sklearn pipeline object as pyfunc (#12554, @WeichenXu123)

[Tracking] Fix an issue with the Tracing implementation where other services usage of OpenTelemetry would activate MLflow tracing and cause errors (#12457, @B-Step62)

[Tracking / Databricks] Correct an issue when running dependency inference in Databricks that can cause duplicate dependency entries to be logged (#12493, @sunishsheth2009)

Documentation updates:

[Docs] Add documentation and guides for the MLflow tracing schema (#12521, @BenWilson2)

Small bug fixes and documentation updates:

#12311, #12285, #12535, #12543, #12320, #12444, @B-Step62; #12310, #12340, @serena-ruan; #12409, #12432, #12471, #12497, #12499, @harupy; #12555, @nojaf; #12472, #12431, @xq-yin; #12530, #12529, #12528, #12527, #12526, #12524, #12531, #12523, #12525, #12522, @dbczumar; #12483, @jsuchome; #12465, #12441, @BenWilson2; #12450, @StarryZhang-whu

MLflow 2.14.1 is a patch release that contains several bug fixes and documentation improvements

Bug fixes:

[Models] Fix params and model_config handling for llm/v1/xxx Transformers model (#12401, @B-Step62)

[UI] Fix dark mode user preference (#12386, @daniellok-db)

[Docker] Fix docker image failing to build with install_mlflow=False (#12388, @daniellok-db)

Documentation updates:

[Docs] Add link to langchain autologging page in doc (#12398, @xq-yin)

[Docs] Add documentation for Models from Code (#12381, @BenWilson2)

Small bug fixes and documentation updates:

#12415, #12396, #12394, @harupy; #12403, #12382, @BenWilson2; #12397, @B-Step62

v2.14.0

2.14.0 (2024-06-17)

MLflow 2.14.0 includes several major features and improvements that we're very excited to announce!

Major features:

MLflow Tracing: Tracing is powerful tool designed to enhance your ability to monitor, analyze, and debug GenAI applications by allowing you to inspect the intermediate outputs generated as your application handles a request. This update comes with an automatic LangChain integration to make it as easy as possible to get started, but we've also implemented high-level fluent APIs, and low-level client APIs for users who want more control over their trace instrumentation. For more information, check out the guide in our docs!

Unity Catalog Integration: The MLflow Deployments server now has an integration with Unity Catalog, allowing you to leverage registered functions as tools for enhancing your chat application. For more information, check out this guide!

OpenAI Autologging: Autologging support has now been added for the OpenAI model flavor. With this feature, MLflow will automatically log a model upon calling the OpenAI API. Each time a request is made, the inputs and outputs will be logged as artifacts. Check out the guide for more information!

Other Notable Features:

... (truncated)

Changelog

Sourced from mlflow's changelog.

2.14.2 (2024-07-03)

MLflow 2.14.2 is a patch release that includes several important bug fixes and documentation enhancements.

Bug fixes:

[Models] Fix an issue with requirements inference error handling when disabling the default warning-only behavior (#12547, @B-Step62)

[Models] Fix dependency inference issues with Transformers models saved with the unified API llm/v1/xxx task definitions. (#12551, @B-Step62)

[Models / Databricks] Fix an issue with MLlfow log_model introduced in MLflow 2.13.0 that causes Databricks DLT service to crash in some situations (#12514, @WeichenXu123)

[Models] Fix an output data structure issue with the predict_stream implementation for LangChain AgentExecutor and other non-Runnable chains (#12518, @B-Step62)

[Tracking] Fix an issue with the predict_proba inference method in the sklearn flavor when loading an sklearn pipeline object as pyfunc (#12554, @WeichenXu123)

[Tracking] Fix an issue with the Tracing implementation where other services usage of OpenTelemetry would activate MLflow tracing and cause errors (#12457, @B-Step62)

[Tracking / Databricks] Correct an issue when running dependency inference in Databricks that can cause duplicate dependency entries to be logged (#12493, @sunishsheth2009)

Documentation updates:

[Docs] Add documentation and guides for the MLflow tracing schema (#12521, @BenWilson2)

Small bug fixes and documentation updates:

#12311, #12285, #12535, #12543, #12320, #12444, @B-Step62; #12310, #12340, @serena-ruan; #12409, #12432, #12471, #12497, #12499, @harupy; #12555, @nojaf; #12472, #12431, @xq-yin; #12530, #12529, #12528, #12527, #12526, #12524, #12531, #12523, #12525, #12522, @dbczumar; #12483, @jsuchome; #12465, #12441, @BenWilson2; #12450, @StarryZhang-whu

2.14.1 (2024-06-20)

MLflow 2.14.1 is a patch release that contains several bug fixes and documentation improvements

Bug fixes:

[Models] Fix params and model_config handling for llm/v1/xxx Transformers model (#12401, @B-Step62)

[UI] Fix dark mode user preference (#12386, @daniellok-db)

[Docker] Fix docker image failing to build with install_mlflow=False (#12388, @daniellok-db)

Documentation updates:

[Docs] Add link to langchain autologging page in doc (#12398, @xq-yin)

[Docs] Add documentation for Models from Code (#12381, @BenWilson2)

Small bug fixes and documentation updates:

#12415, #12396, #12394, @harupy; #12403, #12382, @BenWilson2; #12397, @B-Step62

2.14.0 (2024-06-17)

MLflow 2.14.0 includes several major features and improvements that we're very excited to announce!

Major features:

MLflow Tracing: Tracing is powerful tool designed to enhance your ability to monitor, analyze, and debug GenAI applications by allowing you to inspect the intermediate outputs generated as your application handles a request. This update comes with an automatic LangChain integration to make it as easy as possible to get started, but we've also implemented high-level fluent APIs, and low-level client APIs for users who want more control over their trace instrumentation. For more information, check out the guide in our docs!

Unity Catalog Integration: The MLflow Deployments server now has an integration with Unity Catalog, allowing you to leverage registered functions as tools for enhancing your chat application. For more information, check out this guide!

OpenAI Autologging: Autologging support has now been added for the OpenAI model flavor. With this feature, MLflow will automatically log a model upon calling the OpenAI API. Each time a request is made, the inputs and outputs will be logged as artifacts. Check out the guide for more information!

... (truncated)

Commits

20c31eb Run python3 dev/update_mlflow_versions.py pre-release ... (#12566)
5b95867 fix reversion
e1d5f97 Update get_trace() fluent API to fetch trace from backend too (#12311)
b0cb71d Revert "Databricks SDK doc / error message improvement (#12552)"
a3f9024 Skip conversational tests for transformers dev (#12310)
b9956d4 Refactor @trace_disabled implementation (#12285)
d742cef Update pyfunc_serve_and_score_model to kill process after scoring (#12409)
3462aa0 Pin xgboost for FLAML (#12432)
0d6086d Document code_paths limitation when loading multiple models (#12471)
e9bf530 Use editable install in autoformat workflow (#12497)
Additional commits viewable in compare view

Updates pillow from 9.5.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@hugovk]

Use functools.lru_cache for hopper() #7912 [@hugovk]

Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@radarhere]

Improve speed of loading QOI images #7925 [@radarhere]

Added RGB to I;16N conversion #7920 [@radarhere]

Add --report argument to main.py to omit supported formats #7818 [@nulano]

Added RGB to I;16, I;16L and I;16B conversion #7918 [@radarhere]

Fix editable installation with custom build backend and configuration options #7658 [@nulano]

Fix putdata() for I;16N on big-endian #7209 [@Yay295]

Determine MPO size from markers, not EXIF data #7884 [@radarhere]

Improved conversion from RGB to RGBa, LA and La #7888 [@radarhere]

Support FITS images with GZIP_1 compression #7894 [@radarhere]

Use I;16 mode for 9-bit JPEG 2000 images #7900 [@scaramallion]

Raise ValueError if kmeans is negative #7891 [@radarhere]

Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@radarhere]

Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@radarhere]

Added reading of JPEG2000 palettes #7870 [@radarhere]

Added alpha_quality argument when saving WebP images #7872 [@radarhere]

Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@radarhere]

Removed Python and NumPy pinning on Cygwin #7880 [@radarhere]

Update UnidentifiedImageError and version imports #7644 [@radarhere]

Stop reading EPS image at EOF marker #7753 [@radarhere]

PSD layer co-ordinates may be negative #7706 [@radarhere]

Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@radarhere]

When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@radarhere]

Fixed reading PNG iCCP compression method #7823 [@radarhere]

Allow writing IFDRational to UNDEFINED tag #7840 [@radarhere]

Fix logged tag name when loading Exif data #7842 [@radarhere]

Use maximum frame size in IHDR chunk when saving APNG images #7821 [@radarhere]

Prevent opening P TGA images without a palette #7797 [@radarhere]

Use palette when loading ICO images #7798 [@radarhere]

Use consistent arguments for load_read and load_seek #7713 [@radarhere]

Turn off nullability warnings for macOS SDK #7827 [@radarhere]

Fix shift-sign issue in Convert.c #7838 [@r-barnes]

winbuild: Refactor dependency versions into constants #7843 [@hugovk]

Build macOS arm64 wheels natively #7852 [@radarhere]

Fixed typo #7855 [@radarhere]

Open 16-bit grayscale PNGs as I;16 #7849 [@radarhere]

Handle truncated chunks at the end of PNG images #7709 [@lajiyuan]

Match mask size to pasted image size in GifImagePlugin #7779 [@radarhere]

Changed SupportsGetMesh protocol to be public #7841 [@radarhere]

Release GIL while calling WebPAnimDecoderGetNext #7782 [@evanmiller]

Fixed reading FLI/FLC images with a prefix chunk #7804 [@twolife]

Updated package name for Tidelift #7810 [@radarhere]

Removed unused code #7744 [@radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

Determine MPO size from markers, not EXIF data #7884 [radarhere]

Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

Support FITS images with GZIP_1 compression #7894 [radarhere]

Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

Raise ValueError if kmeans is negative #7891 [radarhere]

Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

Added reading of JPEG2000 palettes #7870 [radarhere]

Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

5c89d88 10.3.0 version bump
63cbfcf Update CHANGES.rst [ci skip]
2776126 Merge pull request #7928 from python-pillow/lcms
aeb51cb Merge branch 'main' into lcms
5beb0b6 Update CHANGES.rst [ci skip]
cac6ffa Merge pull request #7927 from python-pillow/imagemath
f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
facf3af Added release notes
2a93aba Use strncpy to avoid buffer overflow
a670597 Update CHANGES.rst [ci skip]
Additional commits viewable in compare view

Updates certifi from 2023.7.22 to 2024.7.4

Commits

bd81538 2024.07.04 (#295)
06a2cbf Bump peter-evans/create-pull-request from 6.0.5 to 6.1.0 (#294)
13bba02 Bump actions/checkout from 4.1.6 to 4.1.7 (#293)
e8abcd0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0 (#292)
124f4ad 2024.06.02 (#291)
c2196ce --- (#290)
fefdeec Bump actions/checkout from 4.1.4 to 4.1.5 (#289)
3c5fb15 Bump actions/download-artifact from 4.1.6 to 4.1.7 (#286)
4a9569a Bump actions/checkout from 4.1.2 to 4.1.4 (#287)
1fc8086 Bump peter-evans/create-pull-request from 6.0.4 to 6.0.5 (#288)
Additional commits viewable in compare view

Updates fonttools from 4.42.1 to 4.43.0

Release notes

Sourced from fonttools's releases.

4.43.0

[subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/

[varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).

[varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).

[instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).

Added support for Python 3.12 (#3283).

Changelog

Sourced from fonttools's changelog.

4.43.0 (released 2023-09-29)

[subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/

[varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).

[varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).

[instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).

Added support for Python 3.12 (#3283).

Commits

145460e Release 4.43.0
64f3fd8 Update changelog [skip ci]
7aea49e Merge pull request #3283 from hugovk/main
4470c44 Bump requirements.txt to support Python 3.12
0c87cba Bump scipy for Python 3.12 support
eda6fa5 Add support for Python 3.12
0e033b0 Bump reportlab from 3.6.12 to 3.6.13 in /Doc
6012643 [iup] Work around cython bug
b14268a [iup] Remove copy/pasta
0a3360e [varLib.avar] New module to compile avar from .designspace file
Additional commits viewable in compare view

Updates gitpython from 3.1.32 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

Add __all__ in git.exc by @EliahKagan in gitpython-developers/GitPython#1719

Set submodule update cadence to weekly by @EliahKagan in gitpython-developers/GitPython#1721

Never modify sys.path by @EliahKagan in gitpython-developers/GitPython#1720

Bump git/ext/gitdb from 8ec2390 to ec58b7e by @dependabot in gitpython-developers/GitPython#1722

Revise comments, docstrings, some messages, and a bit of code by @EliahKagan in gitpython-developers/GitPython#1725

Use zero-argument super() by @EliahKagan in gitpython-developers/GitPython#1726

Remove obsolete note in _iter_packed_refs by @EliahKagan in gitpython-developers/GitPython#1727

Reorganize test_util and make xfail marks precise by @EliahKagan in gitpython-developers/GitPython#1729

Clarify license and make module top comments more consistent by @EliahKagan in gitpython-developers/GitPython#1730

Deprecate compat.is_, rewriting all uses by @EliahKagan in gitpython-developers/GitPython#1732

Revise and restore some module docstrings by @EliahKagan in gitpython-developers/GitPython#1735

Make the rmtree callback Windows-only by @EliahKagan in gitpython-developers/GitPython#1739

List all non-passing tests in test summaries by @EliahKagan in gitpython-developers/GitPython#1740

Document some minor subtleties in test_util.py by @EliahKagan in gitpython-developers/GitPython#1749

Always read metadata files as UTF-8 in setup.py by @EliahKagan in gitpython-developers/GitPython#1748

Test native Windows on CI by @EliahKagan in gitpython-developers/GitPython#1745

Test macOS on CI by @EliahKagan in gitpython-developers/GitPython#1752

Let close_fds be True on all platforms by @EliahKagan in gitpython-developers/GitPython#1753

Fix IndexFile.from_tree on Windows by @EliahKagan in gitpython-developers/GitPython#1751

Remove unused TASKKILL fallback in AutoInterrupt by @EliahKagan in gitpython-developers/GitPython#1754

Don't return with operand when conceptually void by @EliahKagan in gitpython-developers/GitPython#1755

Group .gitignore entries by purpose by @EliahKagan in gitpython-developers/GitPython#1758

Adding dubious ownership handling by @marioaag in gitpython-developers/GitPython#1746

Avoid brittle assumptions about preexisting temporary files in tests by @EliahKagan in gitpython-developers/GitPython#1759

Overhaul noqa directives by @EliahKagan in gitpython-developers/GitPython#1760

Clarify some Git.execute kill_after_timeout limitations by @EliahKagan in gitpython-developers/GitPython#1761

Bump actions/setup-python from 4 to 5 by @dependabot in gitpython-developers/GitPython#1763

Don't install black on Cygwin by @EliahKagan in gitpython-developers/GitPython#1766

Extract all "import gc" to module level by @EliahKagan in gitpython-developers/GitPython#1765

Extract remaining local "import gc" to module level by @EliahKagan in gitpython-developers/GitPython#1768

Replace xfail with gc.collect in TestSubmodule.test_rename by @EliahKagan in gitpython-developers/GitPython#1767

Enable CodeQL by @EliahKagan in gitpython-developers/GitPython#1769

Replace some uses of the deprecated mktemp function by @EliahKagan in gitpython-developers/GitPython#1770

Bump github/codeql-action from 2 to 3 by @dependabot in gitpython-developers/GitPython#1773

Run some Windows environment variable tests only on Windows by @EliahKagan in gitpython-developers/GitPython#1774

Fix TemporaryFileSwap regression where file_path could not be Path by @EliahKagan in gitpython-developers/GitPython#1776

Improve hooks tests by @EliahKagan in gitpython-developers/GitPython#1777

Fix if items of Index is of type PathLike by @stegm in gitpython-developers/GitPython#1778

Better document IterableObj.iter_items and improve some subclasses by @EliahKagan in gitpython-developers/GitPython#1780

Revert "Don't install black on Cygwin" by @EliahKagan in gitpython-developers/GitPython#1783

Add missing pip in $PATH on Cygwin CI by @EliahKagan in gitpython-developers/GitPython#1784

Shorten Iterable docstrings and put IterableObj first by @EliahKagan in gitpython-developers/GitPython#1785

Fix incompletely revised Iterable/IterableObj docstrings by @EliahKagan in gitpython-developers/GitPython#1786

Pre-deprecate setting Git.USE_SHELL by @EliahKagan in gitpython-developers/GitPython#1782

... (truncated)

Commits

f288738 bump patch level
ef3192c Merge pull request #1792 from EliahKagan/popen
1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
3eb7c2a Move safer_popen from git.util to git.cmd
c551e91 Extract shared logic for using Popen safely on Windows
15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
f44524a Avoid spurious "location may have moved" on Windows
a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
7751436 Extract venv management from test_installation
66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
Additional commits viewable in compare view

Updates gunicorn from 21.2.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12

** Breaking changes **

minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to vari...
Description has been truncated

Bumps the pip group with 17 updates: | Package | From | To | | --- | --- | --- | | [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.3.0` | `1.5.0` | | [mlflow](https://github.com/mlflow/mlflow) | `2.10.2` | `2.14.2` | | [pillow](https://github.com/python-pillow/Pillow) | `9.5.0` | `10.3.0` | | [certifi](https://github.com/certifi/python-certifi) | `2023.7.22` | `2024.7.4` | | [fonttools](https://github.com/fonttools/fonttools) | `4.42.1` | `4.43.0` | | [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.32` | `3.1.41` | | [gunicorn](https://github.com/benoitc/gunicorn) | `21.2.0` | `22.0.0` | | [idna](https://github.com/kjd/idna) | `3.4` | `3.7` | | [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.4` | | [pyarrow](https://github.com/apache/arrow) | `12.0.1` | `14.0.1` | | [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.2` | | [setuptools](https://github.com/pypa/setuptools) | `69.0.3` | `70.0.0` | | [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.4.4` | `0.5.0` | | [tornado](https://github.com/tornadoweb/tornado) | `6.4` | `6.4.1` | | [urllib3](https://github.com/urllib3/urllib3) | `2.0.4` | `2.2.2` | | [werkzeug](https://github.com/pallets/werkzeug) | `2.3.7` | `3.0.3` | | [zipp](https://github.com/jaraco/zipp) | `3.16.2` | `3.19.1` | Updates `scikit-learn` from 1.3.0 to 1.5.0 - [Release notes](https://github.com/scikit-learn/scikit-learn/releases) - [Commits](scikit-learn/scikit-learn@1.3.0...1.5.0) Updates `mlflow` from 2.10.2 to 2.14.2 - [Release notes](https://github.com/mlflow/mlflow/releases) - [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md) - [Commits](mlflow/mlflow@v2.10.2...v2.14.2) Updates `pillow` from 9.5.0 to 10.3.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@9.5.0...10.3.0) Updates `certifi` from 2023.7.22 to 2024.7.4 - [Commits](certifi/python-certifi@2023.07.22...2024.07.04) Updates `fonttools` from 4.42.1 to 4.43.0 - [Release notes](https://github.com/fonttools/fonttools/releases) - [Changelog](https://github.com/fonttools/fonttools/blob/main/NEWS.rst) - [Commits](fonttools/fonttools@4.42.1...4.43.0) Updates `gitpython` from 3.1.32 to 3.1.41 - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.32...3.1.41) Updates `gunicorn` from 21.2.0 to 22.0.0 - [Release notes](https://github.com/benoitc/gunicorn/releases) - [Commits](benoitc/gunicorn@21.2.0...22.0.0) Updates `idna` from 3.4 to 3.7 - [Release notes](https://github.com/kjd/idna/releases) - [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst) - [Commits](kjd/idna@v3.4...v3.7) Updates `jinja2` from 3.1.2 to 3.1.4 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.4) Updates `pyarrow` from 12.0.1 to 14.0.1 - [Release notes](https://github.com/apache/arrow/releases) - [Commits](apache/arrow@r-12.0.1...go/v14.0.1) Updates `requests` from 2.31.0 to 2.32.2 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.31.0...v2.32.2) Updates `setuptools` from 69.0.3 to 70.0.0 - [Release notes](https://github.com/pypa/setuptools/releases) - [Changelog](https://github.com/pypa/setuptools/blob/main/NEWS.rst) - [Commits](pypa/setuptools@v69.0.3...v70.0.0) Updates `sqlparse` from 0.4.4 to 0.5.0 - [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG) - [Commits](andialbrecht/sqlparse@0.4.4...0.5.0) Updates `tornado` from 6.4 to 6.4.1 - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](tornadoweb/tornado@v6.4.0...v6.4.1) Updates `urllib3` from 2.0.4 to 2.2.2 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.0.4...2.2.2) Updates `werkzeug` from 2.3.7 to 3.0.3 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@2.3.7...3.0.3) Updates `zipp` from 3.16.2 to 3.19.1 - [Release notes](https://github.com/jaraco/zipp/releases) - [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst) - [Commits](jaraco/zipp@v3.16.2...v3.19.1) --- updated-dependencies: - dependency-name: scikit-learn dependency-type: direct:production dependency-group: pip - dependency-name: mlflow dependency-type: direct:production dependency-group: pip - dependency-name: pillow dependency-type: direct:production dependency-group: pip - dependency-name: certifi dependency-type: indirect dependency-group: pip - dependency-name: fonttools dependency-type: indirect dependency-group: pip - dependency-name: gitpython dependency-type: indirect dependency-group: pip - dependency-name: gunicorn dependency-type: indirect dependency-group: pip - dependency-name: idna dependency-type: indirect dependency-group: pip - dependency-name: jinja2 dependency-type: indirect dependency-group: pip - dependency-name: pyarrow dependency-type: indirect dependency-group: pip - dependency-name: requests dependency-type: indirect dependency-group: pip - dependency-name: setuptools dependency-type: indirect dependency-group: pip - dependency-name: sqlparse dependency-type: indirect dependency-group: pip - dependency-name: tornado dependency-type: indirect dependency-group: pip - dependency-name: urllib3 dependency-type: indirect dependency-group: pip - dependency-name: werkzeug dependency-type: indirect dependency-group: pip - dependency-name: zipp dependency-type: indirect dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added the dependencies Pull requests that update a dependency file label Jul 15, 2024

dependabot Bot assigned futabato Jul 15, 2024

dependabot Bot mentioned this pull request Jul 15, 2024

⬆️ Bump the pip group with 16 updates #37

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

⬆️ Bump the pip group with 17 updates#39

⬆️ Bump the pip group with 17 updates#39
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/pip/pip-2450ccf630

dependabot Bot commented on behalf of github Jul 15, 2024

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

dependabot Bot commented on behalf of github Jul 15, 2024

Scikit-learn 1.5.0

Scikit-learn 1.4.2

Scikit-learn 1.4.1.post1

v2.14.0

2.14.0 (2024-06-17)

Major features:

2.14.2 (2024-07-03)

2.14.1 (2024-06-20)

2.14.0 (2024-06-17)

Major features:

10.3.0

Changes

10.3.0 (2024-04-01)

4.43.0

4.43.0 (released 2023-09-29)

3.1.41 - fix Windows security issue

What's Changed

Gunicorn 22.0 has been released

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant