Skip to content

chore(deps): bump the pip group across 1 directory with 2 updates#147

Open
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/docker/pip-7ca6dcb842
Open

chore(deps): bump the pip group across 1 directory with 2 updates#147
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/docker/pip-7ca6dcb842

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor

Bumps the pip group with 2 updates in the /docker directory: scikit-learn and torch.

Updates scikit-learn from 1.3.2 to 1.5.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.5.0

We're happy to announce the 1.5.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.5.html

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Scikit-learn 1.4.2

We're happy to announce the 1.4.2 release.

This release only includes support for numpy 2.

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

Scikit-learn 1.4.1.post1

We're happy to announce the 1.4.1.post1 release.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

... (truncated)

Commits

Updates torch from 2.1.0+cu121 to 2.12.0

Release notes

Sourced from torch's releases.

PyTorch 2.12.0 Release Notes

Highlights

For more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.

Backwards Incompatible Changes

Build Frontend

  • Strengthened SVE compile checks in FindARM.cmake, which may reject previously accepted but incorrect SVE configurations (#176646)

    Source builds that enable SVE now validate the compiler configuration more strictly. If a build previously passed with an incomplete or mismatched SVE setup, it may now fail during CMake configuration instead of later in compilation. Update the compiler/toolchain flags so they accurately describe the target SVE support, or disable SVE for that build.

  • Updated the minimum CUDA version required to build PyTorch from source to CUDA 12.6 (#178925)

    Building PyTorch from source with CUDA versions older than 12.6 is no longer supported. Users building custom binaries should install CUDA 12.6 or newer and make sure CUDA_HOME points to that installation.

    Version 2.11:

    CUDA_HOME=/usr/local/cuda-12.4 python setup.py develop

    Version 2.12:

    CUDA_HOME=/usr/local/cuda-12.6 python setup.py develop
  • Enforced a C++20 minimum in CMake build files (#178662)

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 2 updates in the /docker directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn) and [torch](https://github.com/pytorch/pytorch).


Updates `scikit-learn` from 1.3.2 to 1.5.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.3.2...1.5.0)

Updates `torch` from 2.1.0+cu121 to 2.12.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](https://github.com/pytorch/pytorch/commits/v2.12.0)

---
updated-dependencies:
- dependency-name: scikit-learn
  dependency-version: 1.5.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: torch
  dependency-version: 2.12.0
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 10, 2026
@vercel

vercel Bot commented Jun 10, 2026

Copy link
Copy Markdown

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
omnipkg Ready Ready Preview, Comment Jun 10, 2026 8:09pm

@deepsource-io

deepsource-io Bot commented Jun 10, 2026

Copy link
Copy Markdown
Contributor

DeepSource Code Review

We reviewed changes in de7cfe2...82f3092 on this pull request. Below is the summary for the review, and you can see the individual issues we found as inline review comments.

See full review on DeepSource ↗

PR Report Card

Overall Grade   Security  

Reliability  

Complexity  

Hygiene  

Code Review Summary

Analyzer Status Updated (UTC) Details
Python Jun 10, 2026 8:08p.m. Review ↗

Important

AI Review is run only on demand for your team. We're only showing results of static analysis review right now. To trigger AI Review, comment @deepsourcebot review on this thread.

@socket-security

Copy link
Copy Markdown

Review the following changes in direct dependencies. Learn more about Socket for GitHub.

Diff Package Supply Chain
Security
Vulnerability Quality Maintenance License
Addedpypi/​torch@​2.12.073100100100100

View full report

@github-actions

Copy link
Copy Markdown
Contributor

Dependency Review

The following issues were found:
  • ✅ 0 vulnerable package(s)
  • ✅ 0 package(s) with incompatible licenses
  • ✅ 0 package(s) with invalid SPDX license definitions
  • ⚠️ 3 package(s) with unknown licenses.
See the Details below.

License Issues

setup.py

PackageVersionLicenseIssue Type
cryptography48.0.1NullUnknown License
filelock3.29.3NullUnknown License
uv0.11.20NullUnknown License

OpenSSF Scorecard

PackageVersionScoreDetails
pip/cryptography 48.0.1 UnknownUnknown
pip/filelock 3.29.3 UnknownUnknown
pip/uv 0.11.20 UnknownUnknown

Scanned Files

  • docker/requirements-science.txt
  • setup.py

@sonarqubecloud

Copy link
Copy Markdown

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants