build(deps): bump the pip group across 1 directory with 7 updates#602
build(deps): bump the pip group across 1 directory with 7 updates#602dependabot[bot] wants to merge 1 commit into
Conversation
Bumps the pip group with 7 updates in the /flatpak directory: | Package | From | To | | --- | --- | --- | | [filelock](https://github.com/tox-dev/py-filelock) | `3.16.1` | `3.20.3` | | [nltk](https://github.com/nltk/nltk) | `3.9.1` | `3.9.4` | | [pillow](https://github.com/python-pillow/Pillow) | `10.2.0` | `12.2.0` | | [requests](https://github.com/psf/requests) | `2.32.3` | `2.33.0` | | [transformers](https://github.com/huggingface/transformers) | `4.49.0` | `5.0.0rc3` | | [urllib3](https://github.com/urllib3/urllib3) | `2.2.3` | `2.7.0` | | [cryptography](https://github.com/pyca/cryptography) | `44.0.2` | `46.0.7` | Updates `filelock` from 3.16.1 to 3.20.3 - [Release notes](https://github.com/tox-dev/py-filelock/releases) - [Changelog](https://github.com/tox-dev/filelock/blob/main/docs/changelog.rst) - [Commits](tox-dev/filelock@3.16.1...3.20.3) Updates `nltk` from 3.9.1 to 3.9.4 - [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog) - [Commits](nltk/nltk@3.9.1...3.9.4) Updates `pillow` from 10.2.0 to 12.2.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@10.2.0...12.2.0) Updates `requests` from 2.32.3 to 2.33.0 - [Release notes](https://github.com/psf/requests/releases) - [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md) - [Commits](psf/requests@v2.32.3...v2.33.0) Updates `transformers` from 4.49.0 to 5.0.0rc3 - [Release notes](https://github.com/huggingface/transformers/releases) - [Commits](huggingface/transformers@v4.49.0...v5.0.0rc3) Updates `urllib3` from 2.2.3 to 2.7.0 - [Release notes](https://github.com/urllib3/urllib3/releases) - [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst) - [Commits](urllib3/urllib3@2.2.3...2.7.0) Updates `cryptography` from 44.0.2 to 46.0.7 - [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst) - [Commits](pyca/cryptography@44.0.2...46.0.7) --- updated-dependencies: - dependency-name: filelock dependency-version: 3.20.3 dependency-type: direct:production dependency-group: pip - dependency-name: nltk dependency-version: 3.9.4 dependency-type: direct:production dependency-group: pip - dependency-name: pillow dependency-version: 12.2.0 dependency-type: direct:production dependency-group: pip - dependency-name: requests dependency-version: 2.33.0 dependency-type: direct:production dependency-group: pip - dependency-name: transformers dependency-version: 5.0.0rc3 dependency-type: direct:production dependency-group: pip - dependency-name: urllib3 dependency-version: 2.7.0 dependency-type: direct:production dependency-group: pip - dependency-name: cryptography dependency-version: 46.0.7 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>
|
Review the following changes in direct dependencies. Learn more about Socket for GitHub.
|
|
Warning Review the following alerts detected in dependencies. According to your organization's Security Policy, it is recommended to resolve "Warn" alerts. Learn more about Socket for GitHub.
|
|
Superseded by #603. |
Bumps the pip group with 7 updates in the /flatpak directory:
3.16.13.20.33.9.13.9.410.2.012.2.02.32.32.33.04.49.05.0.0rc32.2.32.7.044.0.246.0.7Updates
filelockfrom 3.16.1 to 3.20.3Release notes
Sourced from filelock's releases.
... (truncated)
Changelog
Sourced from filelock's changelog.
... (truncated)
Commits
41b42ddFix TOCTOU symlink vulnerability in SoftFileLock (#465)f2e7d40[pre-commit.ci] pre-commit autoupdate (#464)5088854Support Unix systems without O_NOFOLLOW (#463)377f622[pre-commit.ci] pre-commit autoupdate (#460)4724d7fFix TOCTOU symlink vulnerability in lock file creation (#461)cb69414Bump actions/upload-artifact from 5 to 6 (#459)0769294Bump actions/download-artifact from 6 to 7 (#458)414193a[pre-commit.ci] pre-commit autoupdate (#457)1456797[pre-commit.ci] pre-commit autoupdate (#456)8d6bf90Bump actions/checkout from 5 to 6 (#455)Updates
nltkfrom 3.9.1 to 3.9.4Changelog
Sourced from nltk's changelog.
... (truncated)
Commits
ad9c96bUpdate copyright year7edcddfUpdates for 3.9.4 release67a2736Merge pull request #3180 from yzhaoinuw/bug-on-edit_distance_align2b17ac5Fix edit_distance_align backtrace for high substitution costs4b72976Merge pull request #3018 from JuanIMartinezB/bug/shortid-longid8a5619fMerge pull request #3222 from Syzygy2048/feature/texttiling-vocabulary-introd...c6574d7Merge pull request #3289 from ihitamandal/codeflash/optimize-windowdiff-2024-...98ff5d9Merge pull request #3435 from Hrudhai01/fix-3260-detokenize-quotesaec4fceMerge pull request #3522 from ekaf/pathseceec4ee3Merge pull request #3526 from nltk/update-contributingUpdates
pillowfrom 10.2.0 to 12.2.0Release notes
Sourced from pillow's releases.
... (truncated)
Changelog
Sourced from pillow's changelog.
... (truncated)
Commits
3c41c0912.2.0 version bumpcdaa29eCheck calloc return value (#9527)585b2f5Check calloc return valueecf011eCheck all allocs in the Arrow tree (#9488)cf6de8cReject non-numeric elements inside list coords (#9526)ffdcedeUpdate 12.2.0 release notes (#9522)7929d77Added security release notes (#149)c4f7aa5Added security release notes22cdb5fMove variable declaration inside define (#9525)fc15b3bResize tall images vertically first (#9524)Updates
requestsfrom 2.32.3 to 2.33.0Release notes
Sourced from requests's releases.
... (truncated)
Changelog
Sourced from requests's changelog.
... (truncated)
Commits
bc04dfdv2.33.066d21cbMerge commit from fork8b9bc8fMove badges to top of README (#7293)e331a28Remove unused extraction call (#7292)753fd08docs: fix FAQ grammar in httplib2 example774a0b8docs(socks): same block as other sections9c72a41Bump github/codeql-action from 4.33.0 to 4.34.1ebf7190Bump github/codeql-action from 4.32.0 to 4.33.00e4ae38docs: exclude Response.is_permanent_redirect from API docs (#7244)d568f47docs: clarify Quickstart POST example (#6960)Updates
transformersfrom 4.49.0 to 5.0.0rc3Release notes
Sourced from transformers's releases.
... (truncated)
Commits
cb5079fv5.0.0rc3d1808f2[ci] Fixing some failing tests for important models (#43231)3d27645Add LightOnOCR model implementation (#41621)77146ccfix crash in when running FSDP2+TP (#43226)61317f5[CB] Ensure parallel decoding test passes using FA (#43277)1efe1a6Fix failingPegasusX,Mvp&LEDmodel integration tests (#43245)e8ae373[consistency] Ensure models are added to the_toctree.yml(#43264)c85be98[docs] tensorrt-llm (#43176)38022fd[style] Fix init isort and align makefile and CI (#43260)e977446Fix failingHiera,SwiftFormer&LEDModel integration tests (#43225)Updates
urllib3from 2.2.3 to 2.7.0Release notes
Sourced from urllib3's releases.
... (truncated)
Changelog
Sourced from urllib3's changelog.
... (truncated)
Commits
9a950b9Release 2.7.05ec0de4Merge commit from fork2bdcc44Merge commit from forkf45b0dfFix a misleading example forProxyManager(#4970)577193cSwitch to nightly PyPy3.11 in CI for now (#4984)e90af45Avoid infinite loop inHTTPResponse.read_chunkedwhenamt=0(#4974)67ed74fBump dev dependencies (#4972)3abd481Upgrade mypy to version 1.20.2 (#4978)2b8725dDrop support for EOL PyPy3.10 (#4979)2944b2aUpgradesetup-chromeandsetup-firefoxto fix warnings (#4973)Updates
cryptographyfrom 44.0.2 to 46.0.7Changelog
Sourced from cryptography's changelog.
... (truncated)
Commits
622d67246.0.7 release (#14602)91d7288Cherry-pick #14542 (#14543)06e120ebump version for 46.0.5 release (#14289)0eebb9dEC check key on cofactor > 1 (#14287)bedf6e1fix openssl version on 46 branch (#14220)e6f44fcbump for 46.0.4 and drop win arm64 due to CI issues (#14217)c0af4ddrelease 46.0.3 (#13681)99efe5abump version for 46.0.2 (#13531)e735cfcrelease 46.0.1 (#13450)4e457ffExplicitly specify python in mac uv build invocation (#13447)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebasewill rebase this PR@dependabot recreatewill recreate this PR, overwriting any edits that have been made to itDescription has been truncated