Bump the pip group across 1 directory with 23 updates #1

Open
wants to merge 1 commit into
base: main
dependabot[bot]
@dependabot dependabot bot commented on behalf of github Feb 24, 2025

Bumps the pip group with 23 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| aiohttp | 3.8.1 | 3.10.11 |
| black | 22.1.0 | 24.3.0 |
| certifi | 2021.10.8 | 2024.7.4 |
| fonttools | 4.29.1 | 4.43.0 |
| gitpython | 3.1.27 | 3.1.41 |
| gunicorn | 20.1.0 | 22.0.0 |
| idna | 3.3 | 3.7 |
| ipython | 8.1.1 | 8.32.0 |
| jinja2 | 3.0.3 | 3.1.5 |
| lightgbm | 3.3.2 | 4.6.0 |
| mlflow | 1.24.0 | 2.16.0 |
| nltk | 3.7 | 3.9 |
| numexpr | 2.8.1 | 2.8.5 |
| pillow | 9.0.1 | 10.3.0 |
| pydantic | 1.9.0 | 1.10.13 |
| requests | 2.27.1 | 2.32.2 |
| scikit-learn | 0.23.2 | 1.5.0 |
| sqlparse | 0.4.2 | 0.5.0 |
| tornado | 6.1 | 6.4.2 |
| tqdm | 4.63.0 | 4.66.3 |
| urllib3 | 1.26.8 | 1.26.19 |
| werkzeug | 2.0.3 | 3.0.6 |
| zipp | 3.7.0 | 3.19.1 |

Updates aiohttp from 3.8.1 to 3.10.11

Release notes

Sourced from aiohttp's releases.

3.10.11

Bug fixes

  • Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:PLPeeters.

    Related issues and pull requests on GitHub: #9436.

  • Fixed :py:meth:WebSocketResponse.close() <aiohttp.web.WebSocketResponse.close> to discard non-close messages within its timeout window after sending close -- by :user:lenard-mosys.

    Related issues and pull requests on GitHub: #9506.

  • Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:bdraco.

    The connector was not cancellation-safe.

    Related issues and pull requests on GitHub: #9670, #9671.

  • Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:bdraco.

    Related issues and pull requests on GitHub: #9686.

  • Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:bdraco.

    Related issues and pull requests on GitHub: #9851.

  • Fixed system routes polluting the middleware cache -- by :user:bdraco.

    Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.11 (2024-11-13)

Bug fixes

  • Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:PLPeeters.

    Related issues and pull requests on GitHub: :issue:9436.

  • Fixed :py:meth:WebSocketResponse.close() <aiohttp.web.WebSocketResponse.close> to discard non-close messages within its timeout window after sending close -- by :user:lenard-mosys.

    Related issues and pull requests on GitHub: :issue:9506.

  • Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:bdraco.

    The connector was not cancellation-safe.

    Related issues and pull requests on GitHub: :issue:9670, :issue:9671.

  • Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:9686.

  • Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:9851.

  • Fixed system routes polluting the middleware cache -- by :user:bdraco.

... (truncated)

Commits
  • 3e09325 Remove 3.10.11rc0 from 3.10 changelog (#9858)
  • beb7b74 Release 3.10.11 (#9857)
  • 259edc3 [PR #9851/541d86d backport][3.10] Fix incorrect parsing of chunk extensions w...
  • bc15db6 [PR #9852/249855a backport][3.10] Fix system routes polluting the middleware ...
  • 158bf30 Release 3.10.11rc0 (#9848)
  • e5917cd [PR #9844/fabf3884 backport][3.10] Fix compressed get request benchmark paylo...
  • 68a1f42 [PR #9840/cc5fa316 backport][3.10] Add benchmark for sending compressed paylo...
  • 4f4b90f [PR #9835/32ccfc9a backport][3.10] Adjust client payload benchmarks to better...
  • f3dd0f9 [PR #9832/006f4070 backport][3.10] Increase allowed import time for Python 3....
  • f2aab2e [PR #9827/14fcfd4c backport][3.10] Adjust client GET read benchmarks to inclu...
  • Additional commits viewable in compare view

Updates black from 22.1.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments were mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in ternary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments were mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in ternary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

Updates certifi from 2021.10.8 to 2024.7.4

Commits

Updates fonttools from 4.29.1 to 4.43.0

Release notes

Sourced from fonttools's releases.

4.43.0

  • [subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/
  • [varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).
  • [varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).
  • [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).
  • Added support for Python 3.12 (#3283).

4.42.1

  • [t1Lib] Fixed several Type 1 issues (#3238, #3240).
  • [otBase/packer] Allow sharing tables reached by different offset sizes (#3241, #3236, 457f11c2).
  • [varLib/merger] Fix Cursive attachment merging error when all anchors are NULL (#3248, #3247).
  • [ttLib] Fixed warning when calling addMultilingualName and ttFont parameter was not passed on to findMultilingualName (#3253).

4.42.0

  • [varLib] Use sentinel value 0xFFFF to mark a glyph advance in hmtx/vmtx as non participating, allowing sparse masters to contain glyphs for variation purposes other than {H,V}VAR (#3235).
  • [varLib/cff] Treat empty glyphs in non-default masters as missing, thus not participating in CFF2 delta computation, similarly to how varLib already treats them for gvar (#3234).
  • Added varLib.avarPlanner script to deduce 'correct' avar v1 axis mappings based on glyph average weights (#3223).

4.41.1

  • [subset] Fixed perf regression in v4.41.0 by making NameRecordVisitor only visit tables that do contain nameID references (#3213, #3214).
  • [varLib.instancer] Support instancing fonts containing null ConditionSet offsets in FeatureVariationRecords (#3211, #3212).
  • [statisticsPen] Report font glyph-average weight/width and font-wide slant.
  • [fontBuilder] Fixed head.created date incorrectly set to 0 instead of the current timestamp, regression introduced in v4.40.0 (#3210).
  • [varLib.merger] Support sparse CursivePos masters (#3209).

4.41.0

  • [fontBuilder] Fixed bug in setupOS2 with default panose attribute incorrectly being set to a dict instead of a Panose object (#3201).
  • [name] Added method to removeUnusedNameRecords in the user range (#3185).
  • [varLib.instancer] Fixed issue with L4 instancing (moving default) (#3179).
  • [cffLib] Use latin1 so we can roundtrip non-ASCII in {Full,Font,Family}Name (#3202).
  • [designspaceLib] Mark as optional in docs (as it is in the code).
  • [glyf-1] Fixed drawPoints() bug whereby last cubic segment becomes quadratic (#3189, #3190).
  • [fontBuilder] Propagate the 'hidden' flag to the fvar Axis instance (#3184).
  • [fontBuilder] Update setupAvar() to also support avar 2, fixing _add_avar() call site (#3183).
  • Added new voltLib.voltToFea submodule (originally Tiro Typeworks' "Volto") for converting VOLT OpenType Layout sources to FEA format (#3164).

4.40.0

  • Published native binary wheels to PyPI for all the python minor versions and platform and architectures currently supported that would benefit from this. They will include precompiled Cython-accelerated modules (e.g. cu2qu) without requiring to compile them from source. The pure-python wheel and source distribution will continue to be published as always (pip will automatically choose them when no binary wheel is available for the given platform, e.g. pypy). Use pip install --no-binary=fonttools fonttools to explicitly request pip to install from the pure-python source.
  • [designspaceLib|varLib] Add initial support for specifying axis mappings and build avar2 table from those (#3123).
  • [feaLib] Support variable ligature caret position (#3130).
  • [varLib|glyf] Added option to --drop-implied-oncurves; test for impliable oncurve points either before or after rounding (#3146, #3147, #3155, #3156).
  • [TTGlyphPointPen] Don't error with empty contours, simply ignore them (#3145).
  • [sfnt] Fixed str vs bytes remnant of py3 transition in code dealing with de/compiling WOFF metadata (#3129).
  • [instancer-solver] Fixed bug when moving default instance with sparse masters (#3139, #3140).
  • [feaLib] Simplify variable scalars that don’t vary (#3132).
  • [pens] Added filter pen that explicitly emits closing line when lastPt != movePt (#3100).
  • [varStore] Improve optimize algorithm and better document the algorithm (#3124, #3127).
    Added quantization option (#3126).
  • Added CI workflow config file for building native binary wheels (#3121).
  • [fontBuilder] Added glyphDataFormat=0 option; raise error when glyphs contain cubic outlines but glyphDataFormat was not explicitly set to 1 (#3113, #3119).

... (truncated)

Changelog

Sourced from fonttools's changelog.

4.43.0 (released 2023-09-29)

  • [subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/
  • [varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).
  • [varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).
  • [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).
  • Added support for Python 3.12 (#3283).

4.42.1 (released 2023-08-20)

  • [t1Lib] Fixed several Type 1 issues (#3238, #3240).
  • [otBase/packer] Allow sharing tables reached by different offset sizes (#3241, #3236).
  • [varLib/merger] Fix Cursive attachment merging error when all anchors are NULL (#3248, #3247).
  • [ttLib] Fixed warning when calling addMultilingualName and ttFont parameter was not passed on to findMultilingualName (#3253).

4.42.0 (released 2023-08-02)

  • [varLib] Use sentinel value 0xFFFF to mark a glyph advance in hmtx/vmtx as non participating, allowing sparse masters to contain glyphs for variation purposes other than {H,V}VAR (#3235).
  • [varLib/cff] Treat empty glyphs in non-default masters as missing, thus not participating in CFF2 delta computation, similarly to how varLib already treats them for gvar (#3234).
  • Added varLib.avarPlanner script to deduce 'correct' avar v1 axis mappings based on glyph average weights (#3223).

4.41.1 (released 2023-07-21)

  • [subset] Fixed perf regression in v4.41.0 by making NameRecordVisitor only visit tables that do contain nameID references (#3213, #3214).
  • [varLib.instancer] Support instancing fonts containing null ConditionSet offsets in FeatureVariationRecords (#3211, #3212).
  • [statisticsPen] Report font glyph-average weight/width and font-wide slant.
  • [fontBuilder] Fixed head.created date incorrectly set to 0 instead of the current timestamp, regression introduced in v4.40.0 (#3210).
  • [varLib.merger] Support sparse CursivePos masters (#3209).

4.41.0 (released 2023-07-12)

... (truncated)

Commits
  • 145460e Release 4.43.0
  • 64f3fd8 Update changelog [skip ci]
  • 7aea49e Merge pull request #3283 from hugovk/main
  • 4470c44 Bump requirements.txt to support Python 3.12
  • 0c87cba Bump scipy for Python 3.12 support
  • eda6fa5 Add support for Python 3.12
  • 0e033b0 Bump reportlab from 3.6.12 to 3.6.13 in /Doc
  • 6012643 [iup] Work around cython bug
  • b14268a [iup] Remove copy/pasta
  • 0a3360e [varLib.avar] New module to compile avar from .designspace file
  • Additional commits viewable in compare view

Updates gitpython from 3.1.27 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @​EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

... (truncated)

Commits
  • f288738 bump patch level
  • ef3192c Merge pull request #1792 from EliahKagan/popen
  • 1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
  • 3eb7c2a Move safer_popen from git.util to git.cmd
  • c551e91 Extract shared logic for using Popen safely on Windows
  • 15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
  • f44524a Avoid spurious "location may have moved" on Windows
  • a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
  • 7751436 Extract venv management from test_installation
  • 66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
  • Additional commits viewable in compare view

Updates gunicorn from 20.1.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fixes the numerous security vulnerabilities. You're invited to upgrade your own installation ASAP.

Changes:

22.0.0 - 2024-04-17
===================
  • use utime to notify workers liveness
  • migrate setup to pyproject.toml
  • fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
  • parsing additional requests is no longer attempted past unsupported request framing
  • on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
  • requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
  • Trailer fields are no longer inspected for headers indicating secure scheme
  • support Python 3.12

** Breaking changes **

  • minimum version is Python 3.7
  • the limitations on valid characters in the HTTP method have been bounded to Internet Standards
  • requests specifying unsupported transfer coding (order) are refused by default (rare)
  • HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
  • HTTP methods containing the number sign (#) are no longer accepted by default (rare)
  • HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
  • HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
  • HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
  • HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
  • requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
  • empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

  • fix CVE-2024-1135
  1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
  2. Packages: https://pypi.org/project/gunicorn/

Gunicorn 21.2.0 has been released

Gunicorn 21.2.0 has been released. This version fixes the issue introduced in the threaded worker.

Changes:

21.2.0 - 2023-07-19
===================
fix thread worker: revert change considering connection as idle .

... (truncated)

Commits
  • f63d59e bump to 22.0
  • 4ac81e0 Merge pull request #3175 from e-kwsm/typo
  • 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
  • 0243ec3 fix(deps): exclude eventlet 0.36.0
  • 628a0bc chore: fix typos
  • 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
  • deae2fc CI: back off the agressive timeout
  • f470382 docs: promise 3.12 compat
  • 5e30bfa add changelog to project.urls (updated for PEP621)
  • 481c3f9 remove setup.cfg - overridden by pyproject.toml
  • Additional commits viewable in compare view

Updates idna from 3.3 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11)

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25)

  • Fix regression to include tests in source distribution.

3.5 (2023-11-24)

  • Update to Unicode 15.1.0
  • String codec name is now "idna2008" as overriding the system codec "idna" was not working.
  • Fix typing error for codec encoding
  • "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
  • Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
  • Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

3.4 (2022-09-14)

  • Update to Unicode 15.0.0
  • Migrate to pyproject.toml for build information (PEP 621)
  • Correct another instance where generic exception was raised instead of IDNAError for malformed input
  • Source distribution uses zeroized file ownership for improved reproducibility

Thanks to Seth Michael Larson for contributions to this release.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view

Updates ipython from 8.1.1 to 8.32.0

Commits

Updates jinja2 from 3.0.3 to 3.1.5

Release notes

Sourced from jinja2's releases.

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. #2032
  • Calling sync render for an async template uses asyncio.run. #1952
  • Avoid unclosed auto_aiter warnings. #1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. #1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. #1960
  • The runtime uses the correct concat function for the current environment when calling block references. #1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
  • |int filter handles OverflowError from scientific notation. #1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
  • Fix copy/pickle support for the internal missing object. #2027
  • Environment.overlay(enable_async) is applied correctly. #2061
  • The error message from FileSystemLoader includes the paths that were searched. #1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. <...

    Description has been truncated
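
The request-framing rules listed in the Gunicorn 22.0.0 notes above, applied to a request head as an added illustration (this is not Gunicorn's parser and not code from this pull request). `check_request_head`, its reason strings and the sample requests are constructed for the example, and reading "unsupported transfer coding (order)" as "chunked must be the final coding" is an assumption.

```python
import re

# RFC 9110 token characters. '#' is a legal token character, so it is checked
# separately to mirror the release note about the number sign.
_TOKEN = re.compile(r"[!#$%&'*+\-.^_`|~0-9A-Za-z]+")
# Exactly one digit on each side of the dot, no prefix or suffix.
_VERSION = re.compile(r"HTTP/([0-9])\.([0-9])")


def check_request_head(raw: bytes) -> list[str]:
    """Return the reasons to refuse a request head; an empty list means accept."""
    reasons = []
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    request_line, *header_lines = head.split("\r\n")
    parts = request_line.split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, _target, version = parts

    # The method is compared as sent: no case folding is applied.
    if not _TOKEN.fullmatch(method):
        reasons.append("method contains characters outside the token set")
    elif "#" in method:
        reasons.append("method contains '#'")

    http_version = None
    match = _VERSION.fullmatch(version)
    if match is None:
        reasons.append("HTTP version is not single-digit major.minor")
    else:
        http_version = (int(match.group(1)), int(match.group(2)))
        if http_version < (1, 0) or http_version >= (2, 0):
            reasons.append("HTTP version outside 1.0 <= v < 2.0")

    headers = []
    for line in header_lines:
        name, sep, value = line.partition(":")
        if not sep:
            reasons.append("malformed header line")
        elif name == "":
            reasons.append("empty header field name")
        else:
            headers.append((name.lower(), value.strip()))

    te_values = [v for n, v in headers if n == "transfer-encoding"]
    has_content_length = any(n == "content-length" for n, _ in headers)
    if te_values:
        codings = [c.strip().lower() for v in te_values for c in v.split(",")]
        if has_content_length:
            # Two length signals let a proxy and the backend disagree on
            # where the body ends, which is the request smuggling precondition.
            reasons.append("both Transfer-Encoding and Content-Length present")
        if any(c == "" for c in codings):
            reasons.append("empty transfer coding")
        if "chunked" in codings:
            if http_version is not None and http_version < (1, 1):
                reasons.append("chunked transfer on HTTP version < 1.1")
            if codings[-1] != "chunked":
                # Assumption: "order" in the notes means chunked must be last.
                reasons.append("chunked is not the final transfer coding")
    return reasons


# Constructed sample request heads (example.test is a placeholder host).
SAMPLES = {
    "plain GET": b"GET / HTTP/1.1\r\nHost: example.test\r\n\r\n",
    "TE and CL together": (
        b"POST /u HTTP/1.1\r\nHost: example.test\r\n"
        b"Content-Length: 4\r\nTransfer-Encoding: chunked\r\n\r\n"
    ),
    "chunked on HTTP/1.0": b"POST /u HTTP/1.0\r\nTransfer-Encoding: chunked\r\n\r\n",
    "empty field name": b"GET / HTTP/1.1\r\n: x\r\n\r\n",
    "two-digit minor version": b"GET / HTTP/1.10\r\nHost: example.test\r\n\r\n",
}

if __name__ == "__main__":
    for label, request in SAMPLES.items():
        verdict = check_request_head(request)
        print(f"{label}: {'accept' if not verdict else '; '.join(verdict)}")
```

Running the same checks at a reverse proxy and at the application server only helps if both refuse the same requests; a layer that accepts what the other refuses is where the two disagree about request boundaries.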

Bumps the pip group with 23 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.8.1` | `3.10.11` |
| [black](https://github.com/psf/black) | `22.1.0` | `24.3.0` |
| [certifi](https://github.com/certifi/python-certifi) | `2021.10.8` | `2024.7.4` |
| [fonttools](https://github.com/fonttools/fonttools) | `4.29.1` | `4.43.0` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.27` | `3.1.41` |
| [gunicorn](https://github.com/benoitc/gunicorn) | `20.1.0` | `22.0.0` |
| [idna](https://github.com/kjd/idna) | `3.3` | `3.7` |
| [ipython](https://github.com/ipython/ipython) | `8.1.1` | `8.32.0` |
| [jinja2](https://github.com/pallets/jinja) | `3.0.3` | `3.1.5` |
| [lightgbm](https://github.com/microsoft/LightGBM) | `3.3.2` | `4.6.0` |
| [mlflow](https://github.com/mlflow/mlflow) | `1.24.0` | `2.16.0` |
| [nltk](https://github.com/nltk/nltk) | `3.7` | `3.9` |
| [numexpr](https://github.com/pydata/numexpr) | `2.8.1` | `2.8.5` |
| [pillow](https://github.com/python-pillow/Pillow) | `9.0.1` | `10.3.0` |
| [pydantic](https://github.com/pydantic/pydantic) | `1.9.0` | `1.10.13` |
| [requests](https://github.com/psf/requests) | `2.27.1` | `2.32.2` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `0.23.2` | `1.5.0` |
| [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.4.2` | `0.5.0` |
| [tornado](https://github.com/tornadoweb/tornado) | `6.1` | `6.4.2` |
| [tqdm](https://github.com/tqdm/tqdm) | `4.63.0` | `4.66.3` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.26.8` | `1.26.19` |
| [werkzeug](https://github.com/pallets/werkzeug) | `2.0.3` | `3.0.6` |
| [zipp](https://github.com/jaraco/zipp) | `3.7.0` | `3.19.1` |



Updates `aiohttp` from 3.8.1 to 3.10.11
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.8.1...v3.10.11)

Updates `black` from 22.1.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@22.1.0...24.3.0)

Updates `certifi` from 2021.10.8 to 2024.7.4
- [Commits](certifi/python-certifi@2021.10.08...2024.07.04)

Updates `fonttools` from 4.29.1 to 4.43.0
- [Release notes](https://github.com/fonttools/fonttools/releases)
- [Changelog](https://github.com/fonttools/fonttools/blob/main/NEWS.rst)
- [Commits](fonttools/fonttools@4.29.1...4.43.0)

Updates `gitpython` from 3.1.27 to 3.1.41
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.27...3.1.41)

Updates `gunicorn` from 20.1.0 to 22.0.0
- [Release notes](https://github.com/benoitc/gunicorn/releases)
- [Commits](benoitc/gunicorn@20.1.0...22.0.0)

Updates `idna` from 3.3 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.3...v3.7)

Updates `ipython` from 8.1.1 to 8.32.0
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](ipython/ipython@8.1.1...8.32.0)

Updates `jinja2` from 3.0.3 to 3.1.5
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.0.3...3.1.5)

Updates `lightgbm` from 3.3.2 to 4.6.0
- [Release notes](https://github.com/microsoft/LightGBM/releases)
- [Commits](microsoft/LightGBM@v3.3.2...v4.6.0)

Updates `mlflow` from 1.24.0 to 2.16.0
- [Release notes](https://github.com/mlflow/mlflow/releases)
- [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md)
- [Commits](mlflow/mlflow@v1.24.0...v2.16.0)

Updates `nltk` from 3.7 to 3.9
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.7...3.9)

Updates `numexpr` from 2.8.1 to 2.8.5
- [Release notes](https://github.com/pydata/numexpr/releases)
- [Changelog](https://github.com/pydata/numexpr/blob/master/RELEASE_NOTES.rst)
- [Commits](pydata/numexpr@v2.8.1...v2.8.5)

Updates `pillow` from 9.0.1 to 10.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@9.0.1...10.3.0)

Updates `pydantic` from 1.9.0 to 1.10.13
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v1.9.0...v1.10.13)

Updates `requests` from 2.27.1 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.27.1...v2.32.2)

Updates `scikit-learn` from 0.23.2 to 1.5.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@0.23.2...1.5.0)

Updates `sqlparse` from 0.4.2 to 0.5.0
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.4.2...0.5.0)

Updates `tornado` from 6.1 to 6.4.2
- [Changelog](https://github.com/tornadoweb/tornado/blob/v6.4.2/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.1.0...v6.4.2)

Updates `tqdm` from 4.63.0 to 4.66.3
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.63.0...v4.66.3)

Updates `urllib3` from 1.26.8 to 1.26.19
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.8...1.26.19)

Updates `werkzeug` from 2.0.3 to 3.0.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@2.0.3...3.0.6)

Updates `zipp` from 3.7.0 to 3.19.1
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.7.0...v3.19.1)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: black
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: certifi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: fonttools
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gitpython
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gunicorn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: idna
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: ipython
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: lightgbm
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: mlflow
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: nltk
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: numexpr
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pillow
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pydantic
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: sqlparse
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tornado
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tqdm
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: zipp
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 24, 2025