Bump the pip group across 1 directory with 17 updates by dependabot[bot] · Pull Request #1 · Kodifly/sphereformer

dependabot · 2025-05-09T07:04:07Z

Bumps the pip group with 17 updates in the / directory:

Package	From	To
fonttools	`4.33.3`	`4.43.0`
gitpython	`3.1.27`	`3.1.41`
grpcio	`1.46.3`	`1.53.2`
ipython	`7.34.0`	`8.10.0`
jinja2	`3.1.2`	`3.1.6`
joblib	`1.1.0`	`1.5.0`
jupyter-core	`4.10.0`	`4.11.2`
keras	`2.10.0`	`3.9.0`
oauthlib	`3.2.0`	`3.2.2`
pillow	`9.1.1`	`10.3.0`
protobuf	`3.19.4`	`6.30.2`
scikit-learn	`1.0.2`	`1.5.1`
sentry-sdk	`1.5.12`	`2.8.0`
tensorflow	`2.6.0`	`2.12.1`
torch	`1.8.0`	`2.7.0`
tornado	`6.1`	`6.4.2`
werkzeug	`2.1.2`	`3.0.6`

Updates fonttools from 4.33.3 to 4.43.0

Release notes

Sourced from fonttools's releases.

4.43.0

[subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/

[varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).

[varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).

[instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).

Added support for Python 3.12 (#3283).

4.42.1

[t1Lib] Fixed several Type 1 issues (#3238, #3240).

[otBase/packer] Allow sharing tables reached by different offset sizes (#3241, #3236, 457f11c2).

[varLib/merger] Fix Cursive attachment merging error when all anchors are NULL (#3248, #3247).

[ttLib] Fixed warning when calling addMultilingualName and ttFont parameter was not passed on to findMultilingualName (#3253).

4.42.0

[varLib] Use sentinel value 0xFFFF to mark a glyph advance in hmtx/vmtx as non participating, allowing sparse masters to contain glyphs for variation purposes other than {H,V}VAR (#3235).

[varLib/cff] Treat empty glyphs in non-default masters as missing, thus not participating in CFF2 delta computation, similarly to how varLib already treats them for gvar (#3234).

Added varLib.avarPlanner script to deduce 'correct' avar v1 axis mappings based on glyph average weights (#3223).

4.41.1

[subset] Fixed perf regression in v4.41.0 by making NameRecordVisitor only visit tables that do contain nameID references (#3213, #3214).

[varLib.instancer] Support instancing fonts containing null ConditionSet offsets in FeatureVariationRecords (#3211, #3212).

[statisticsPen] Report font glyph-average weight/width and font-wide slant.

[fontBuilder] Fixed head.created date incorrectly set to 0 instead of the current timestamp, regression introduced in v4.40.0 (#3210).

[varLib.merger] Support sparse CursivePos masters (#3209).

4.41.0

[fontBuilder] Fixed bug in setupOS2 with default panose attribute incorrectly being set to a dict instead of a Panose object (#3201).

[name] Added method to removeUnusedNameRecords in the user range (#3185).

[varLib.instancer] Fixed issue with L4 instancing (moving default) (#3179).

[cffLib] Use latin1 so we can roundtrip non-ASCII in {Full,Font,Family}Name (#3202).

[designspaceLib] Mark as optional in docs (as it is in the code).

[glyf-1] Fixed drawPoints() bug whereby last cubic segment becomes quadratic (#3189, #3190).

[fontBuilder] Propagate the 'hidden' flag to the fvar Axis instance (#3184).

[fontBuilder] Update setupAvar() to also support avar 2, fixing _add_avar() call site (#3183).

Added new voltLib.voltToFea submodule (originally Tiro Typeworks' "Volto") for converting VOLT OpenType Layout sources to FEA format (#3164).

4.40.0

Published native binary wheels to PyPI for all the python minor versions and platform and architectures currently supported that would benefit from this. They will include precompiled Cython-accelerated modules (e.g. cu2qu) without requiring to compile them from source. The pure-python wheel and source distribution will continue to be published as always (pip will automatically chose them when no binary wheel is available for the given platform, e.g. pypy). Use pip install --no-binary=fonttools fonttools to expliclity request pip to install from the pure-python source.

[designspaceLib|varLib] Add initial support for specifying axis mappings and build avar2 table from those (#3123).

[feaLib] Support variable ligature caret position (#3130).

[varLib|glyf] Added option to --drop-implied-oncurves; test for impliable oncurve points either before or after rounding (#3146, #3147, #3155, #3156).

[TTGlyphPointPen] Don't error with empty contours, simply ignore them (#3145).

[sfnt] Fixed str vs bytes remnant of py3 transition in code dealing with de/compiling WOFF metadata (#3129).

[instancer-solver] Fixed bug when moving default instance with sparse masters (#3139, #3140).

[feaLib] Simplify variable scalars that don’t vary (#3132).

[pens] Added filter pen that explicitly emits closing line when lastPt != movePt (#3100).

[varStore] Improve optimize algorithm and better document the algorithm (#3124, #3127).
Added quantization option (#3126).

Added CI workflow config file for building native binary wheels (#3121).

[fontBuilder] Added glyphDataFormat=0 option; raise error when glyphs contain cubic outlines but glyphDataFormat was not explicitly set to 1 (#3113, #3119).

... (truncated)

Changelog

Sourced from fonttools's changelog.

4.43.0 (released 2023-09-29)

[subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/

[varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).

[varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).

[instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).

Added support for Python 3.12 (#3283).

4.42.1 (released 2023-08-20)

[t1Lib] Fixed several Type 1 issues (#3238, #3240).

[otBase/packer] Allow sharing tables reached by different offset sizes (#3241, #3236).

[varLib/merger] Fix Cursive attachment merging error when all anchors are NULL (#3248, #3247).

[ttLib] Fixed warning when calling addMultilingualName and ttFont parameter was not passed on to findMultilingualName (#3253).

4.42.0 (released 2023-08-02)

[varLib] Use sentinel value 0xFFFF to mark a glyph advance in hmtx/vmtx as non participating, allowing sparse masters to contain glyphs for variation purposes other than {H,V}VAR (#3235).

[varLib/cff] Treat empty glyphs in non-default masters as missing, thus not participating in CFF2 delta computation, similarly to how varLib already treats them for gvar (#3234).

Added varLib.avarPlanner script to deduce 'correct' avar v1 axis mappings based on glyph average weights (#3223).

4.41.1 (released 2023-07-21)

[subset] Fixed perf regression in v4.41.0 by making NameRecordVisitor only visit tables that do contain nameID references (#3213, #3214).

[varLib.instancer] Support instancing fonts containing null ConditionSet offsets in FeatureVariationRecords (#3211, #3212).

[statisticsPen] Report font glyph-average weight/width and font-wide slant.

[fontBuilder] Fixed head.created date incorrectly set to 0 instead of the current timestamp, regression introduced in v4.40.0 (#3210).

[varLib.merger] Support sparse CursivePos masters (#3209).

4.41.0 (released 2023-07-12)

... (truncated)

Commits

145460e Release 4.43.0
64f3fd8 Update changelog [skip ci]
7aea49e Merge pull request #3283 from hugovk/main
4470c44 Bump requirements.txt to support Python 3.12
0c87cba Bump scipy for Python 3.12 support
eda6fa5 Add support for Python 3.12
0e033b0 Bump reportlab from 3.6.12 to 3.6.13 in /Doc
6012643 [iup] Work around cython bug
b14268a [iup] Remove copy/pasta
0a3360e [varLib.avar] New module to compile avar from .designspace file
Additional commits viewable in compare view

Updates gitpython from 3.1.27 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

Add __all__ in git.exc by @EliahKagan in gitpython-developers/GitPython#1719

Set submodule update cadence to weekly by @EliahKagan in gitpython-developers/GitPython#1721

Never modify sys.path by @EliahKagan in gitpython-developers/GitPython#1720

Bump git/ext/gitdb from 8ec2390 to ec58b7e by @dependabot in gitpython-developers/GitPython#1722

Revise comments, docstrings, some messages, and a bit of code by @EliahKagan in gitpython-developers/GitPython#1725

Use zero-argument super() by @EliahKagan in gitpython-developers/GitPython#1726

Remove obsolete note in _iter_packed_refs by @EliahKagan in gitpython-developers/GitPython#1727

Reorganize test_util and make xfail marks precise by @EliahKagan in gitpython-developers/GitPython#1729

Clarify license and make module top comments more consistent by @EliahKagan in gitpython-developers/GitPython#1730

Deprecate compat.is_, rewriting all uses by @EliahKagan in gitpython-developers/GitPython#1732

Revise and restore some module docstrings by @EliahKagan in gitpython-developers/GitPython#1735

Make the rmtree callback Windows-only by @EliahKagan in gitpython-developers/GitPython#1739

List all non-passing tests in test summaries by @EliahKagan in gitpython-developers/GitPython#1740

Document some minor subtleties in test_util.py by @EliahKagan in gitpython-developers/GitPython#1749

Always read metadata files as UTF-8 in setup.py by @EliahKagan in gitpython-developers/GitPython#1748

Test native Windows on CI by @EliahKagan in gitpython-developers/GitPython#1745

Test macOS on CI by @EliahKagan in gitpython-developers/GitPython#1752

Let close_fds be True on all platforms by @EliahKagan in gitpython-developers/GitPython#1753

Fix IndexFile.from_tree on Windows by @EliahKagan in gitpython-developers/GitPython#1751

Remove unused TASKKILL fallback in AutoInterrupt by @EliahKagan in gitpython-developers/GitPython#1754

Don't return with operand when conceptually void by @EliahKagan in gitpython-developers/GitPython#1755

Group .gitignore entries by purpose by @EliahKagan in gitpython-developers/GitPython#1758

Adding dubious ownership handling by @marioaag in gitpython-developers/GitPython#1746

Avoid brittle assumptions about preexisting temporary files in tests by @EliahKagan in gitpython-developers/GitPython#1759

Overhaul noqa directives by @EliahKagan in gitpython-developers/GitPython#1760

Clarify some Git.execute kill_after_timeout limitations by @EliahKagan in gitpython-developers/GitPython#1761

Bump actions/setup-python from 4 to 5 by @dependabot in gitpython-developers/GitPython#1763

Don't install black on Cygwin by @EliahKagan in gitpython-developers/GitPython#1766

Extract all "import gc" to module level by @EliahKagan in gitpython-developers/GitPython#1765

Extract remaining local "import gc" to module level by @EliahKagan in gitpython-developers/GitPython#1768

Replace xfail with gc.collect in TestSubmodule.test_rename by @EliahKagan in gitpython-developers/GitPython#1767

Enable CodeQL by @EliahKagan in gitpython-developers/GitPython#1769

Replace some uses of the deprecated mktemp function by @EliahKagan in gitpython-developers/GitPython#1770

Bump github/codeql-action from 2 to 3 by @dependabot in gitpython-developers/GitPython#1773

Run some Windows environment variable tests only on Windows by @EliahKagan in gitpython-developers/GitPython#1774

Fix TemporaryFileSwap regression where file_path could not be Path by @EliahKagan in gitpython-developers/GitPython#1776

Improve hooks tests by @EliahKagan in gitpython-developers/GitPython#1777

Fix if items of Index is of type PathLike by @stegm in gitpython-developers/GitPython#1778

Better document IterableObj.iter_items and improve some subclasses by @EliahKagan in gitpython-developers/GitPython#1780

Revert "Don't install black on Cygwin" by @EliahKagan in gitpython-developers/GitPython#1783

Add missing pip in $PATH on Cygwin CI by @EliahKagan in gitpython-developers/GitPython#1784

Shorten Iterable docstrings and put IterableObj first by @EliahKagan in gitpython-developers/GitPython#1785

Fix incompletely revised Iterable/IterableObj docstrings by @EliahKagan in gitpython-developers/GitPython#1786

Pre-deprecate setting Git.USE_SHELL by @EliahKagan in gitpython-developers/GitPython#1782

... (truncated)

Commits

f288738 bump patch level
ef3192c Merge pull request #1792 from EliahKagan/popen
1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
3eb7c2a Move safer_popen from git.util to git.cmd
c551e91 Extract shared logic for using Popen safely on Windows
15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
f44524a Avoid spurious "location may have moved" on Windows
a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
7751436 Extract venv management from test_installation
66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
Additional commits viewable in compare view

Updates grpcio from 1.46.3 to 1.53.2

Release notes

Sourced from grpcio's releases.

Release v1.53.2

This is release gRPC Core 1.53.2 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Core

[backport][iomgr][EventEngine] Improve server handling of file descriptor exhaustion by @drfloob in grpc/grpc#33672

Release v1.53.1

This is release gRPC Core 1.53.1 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Fixed CVE-2023-32731

Fixed CVE-2023-32732

Release v1.52.2

This is release gRPC Core 1.52.2 (gribkoff).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

Fixed CVE-2023-1428

Release v1.49.4

This is release gRPC Core 1.49.4 (gamma).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes.

[Core] Add set min/max TLS version APIs to TLS credentials APIs. (#34861)

Commits

afb307f [v1.53.x][Interop] Backport Python image update (#33864)
7a9373b [Backport] [dependency] Restrict cython to less than 3.X (#33770)
fdb64a6 [v1.53][Build] Update Phusion baseimage (#33767) (#33836)
cdf4186 [PSM Interop] Legacy tests: fix xDS test client build (v1.53.x backport) (#33...
ce5b93a [PSM Interop] Legacy test builds always pull the driver from master (v1.53.x ...
b24b6ea [release] Bump release version to 1.53.2 (#33709)
1e86ca5 [backport][iomgr][EventEngine] Improve server handling of file descriptor exh...
aff3066 [PSM interop] Don't fail url_map target if sub-target already failed (v1.53.x...
539d75c [PSM interop] Don't fail target if sub-target already failed (#33222) (v1.53....
3e79c88 [Release] Bump version to 1.53.1 (on v1.53.x branch) (#33047)
Additional commits viewable in compare view

Updates ipython from 7.34.0 to 8.10.0

Commits

15ea1ed release 8.10.0
560ad10 DOC: Update what's new for 8.10 (#13939)
7557ade DOC: Update what's new for 8.10
385d693 Merge pull request from GHSA-29gw-9793-fvw7
e548ee2 Swallow potential exceptions from showtraceback() (#13934)
0694b08 MAINT: mock slowest test. (#13885)
8655912 MAINT: mock slowest test.
a011765 Isolate the attack tests with setUp and tearDown methods
c7a9470 Add some regression tests for this change
fd34cf5 Swallow potential exceptions from showtraceback()
Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h

Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699

Sandbox does not allow clear and pop on known mutable sequence types. #2032

Calling sync render for an async template uses asyncio.run. #1952

Avoid unclosed auto_aiter warnings. #1960

Return an aclose-able AsyncGenerator from Template.generate_async. #1960

Avoid leaving root_render_func() unclosed in Template.generate_async. #1960

Avoid leaving async generators unclosed in blocks, includes and extends. #1960

The runtime uses the correct concat function for the current environment when calling block references. #1701

Make |unique async-aware, allowing it to be used after another async-aware filter. #1781

|int filter handles OverflowError from scientific notation. #1921

Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021

Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025

Fix copy/pickle support for the internal missing object. #2027

Environment.overlay(enable_async) is applied correctly. #2061

The error message from FileSystemLoader includes the paths that were searched. #1661

PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705

Improve annotations for methods returning copies. #1880

urlize does not add mailto: to values like @a@b. #1870

Tests decorated with @pass_context can be used with the |select filter. #1624

Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413

Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

... (truncated)

Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5

Released 2024-12-21

The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h

Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699

Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032

Calling sync render for an async template uses asyncio.run. :pr:1952

Avoid unclosed auto_aiter warnings. :pr:1960

Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960

Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960

Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960

The runtime uses the correct concat function for the current environment when calling block references. :issue:1701

Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781

|int filter handles OverflowError from scientific notation. :issue:1921

Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021

Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025

Fix copy/pickle support for the internal missing object. :issue:2027

Environment.overlay(enable_async) is applied correctly. :pr:2061

The error message from FileSystemLoader includes the paths that were searched. :issue:1661

PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705

Improve annotations for methods returning copies. :pr:1880

urlize does not add mailto: to values like @a@b. :pr:1870

... (truncated)

Commits

1520688 release version 3.1.6
90457bb Merge commit from fork
065334d attr filter uses env.getattr
033c200 start version 3.1.6
bc68d4e use global contributing guide (#2070)
247de5e use global contributing guide
ab8218c use project advisory link instead of global
b4ffc8f release version 3.1.5 (#2066)
877f6e5 release version 3.1.5
8d58859 remove test pypi
Additional commits viewable in compare view

Updates joblib from 1.1.0 to 1.5.0

Release notes

Sourced from joblib's releases.

1.5.0

No release notes provided.

1.4.2

What's Changed

TST add a test that ensures conservation of byte order during IPC by @fcharras in joblib/joblib#1562

DOC fix typos in CHANGES.rst by @cclauss in joblib/joblib#1571

DOC typo in docs by @jmerkow in joblib/joblib#1574

FIX revert MemorizedFunc.call API change by @tomMoral in joblib/joblib#1576

New Contributors

@jmerkow made their first contribution in joblib/joblib#1574

Full Changelog: joblib/joblib@1.4.0...1.4.2

Joblib 1.4.0

What's Changed

FIX raise iterator exception in user's thread by @tomMoral in joblib/joblib#1491

MAINT: Update byte_bounds import by @mtsokol in joblib/joblib#1501

FEA Implement generator unordered parameter by @fcharras in joblib/joblib#1463

MAINT: Cleanup expired ndarray methods by @mtsokol in joblib/joblib#1506

Fix README cloning url by @andreaso in joblib/joblib#1508

Fix README archive download link by @andreaso in joblib/joblib#1509

Prefer https:// links in the documentation by @andreaso in joblib/joblib#1510

Stricter Dask tests cleanup by @ogrisel in joblib/joblib#1514

CLN simplify code for easier read by @tomMoral in joblib/joblib#1517

Vendor cloudpickle 3.0.0 and drop support for Python 3.7. by @ogrisel in joblib/joblib#1515

MNT Fix Python 3.12 deprecation warning by @lesteve in joblib/joblib#1518

FIX _get_items_to_delete raising error when items list empty by @Dr-Blank in joblib/joblib#1503

Update dask backend for compatibility with return_as=generator by @fcharras in joblib/joblib#1520

DOC: Best randomness with Parallel generators by @paquiteau in joblib/joblib#1490

MTN update ci pipelines to use python3.8 + test more pypy versions by @fcharras in joblib/joblib#1487

MNT Restart readthedoc pipeline by @fcharras in joblib/joblib#1524

FIX Close cleanly distributed Client at the end of unit tests by @fcharras in joblib/joblib#1526

Add pytest 8.x compatability by @mr-c in joblib/joblib#1553

n_jobs parameter in instantiation of Parallel should be an integer by @androids-electric-sheep in joblib/joblib#1549

DOC : updated n_jobs docs in Parallel class by @Schefflera-Arboricola in joblib/joblib#1537

CI Fix url for scikit-learn nightly builds by @jeremiedbb in joblib/joblib#1567

ENH allow caching coroutine functions by @gsakkis in joblib/joblib#894

DOC consistent default formating in doc by @tomMoral in joblib/joblib#1565

DOC add gotcha on non-reproducible pickling by @tomMoral in joblib/joblib#1566

RELEASE 1.4.0 by @tomMoral in joblib/joblib#1568

New Contributors

@mtsokol made their first contribution in joblib/joblib#1501

@andreaso made their first contribution in joblib/joblib#1508

@Dr-Blank made their first contribution in joblib/joblib#1503

@paquiteau made their first contribution in joblib/joblib#1490

@mr-c made their first contribution in joblib/joblib#1553

@androids-electric-sheep made their first contribution in joblib/joblib#1549

... (truncated)

Changelog

Sourced from joblib's changelog.

Release 1.5.0 -- 2025/05/03

Memory:
- Enforce ``age_limit`` is a positive timedelta for ``Memory.reduce_size``,
  to avoid silently ignoring it.
  https://github.com/joblib/joblib/pull/1613


Remove deprecated bytes_limit argument for Memory, which should

be passed directly to Memory.reduce_size.

joblib/joblib#1569


Extend functionality of the check_call_in_cache method to now also

check against cache validity. Before, it would only check for a given call

if it is in cache memory.

joblib/joblib#1584


The Memory object now automatically creates a .gitignore file in its cache

directory, instructing git to ignore the entire folder.

joblib/joblib#1674


Parallel:
Fixed a bug that caused the timeout parameter in joblib.Parallel to be ineffective when used along with return_as='generator_unordered'. joblib/joblib#1586

Pretty printing of Parallel execution progress when the number of tasks is known. joblib/joblib#1608

Make it possible to pass extra arguments to the LokyBackend and MultiprocessingBackend, enabling the use of initializer. joblib/joblib#1525

Refactor and document the custom parallel backend API. joblib/joblib#1667

Maintenance:
- Drop support for Python 3.8.
  https://github.com/joblib/joblib/pull/1669


Support for Python 3.13 free-threaded has been added.

joblib/joblib#1589


Drop support for PyPy.

</tr></table>

... (truncated)

Commits

e347c92 RELEASE 1.5 (#1719)
03c3f66 FIX run tests with only one cpu (#1715)
df4403f FIX update test_manual_scatter to check consistence between dask backend and ...
8515638 MNT use protocol=5 for dumping arrays with dtype=object (#1682)
863994d FIX issue in memmap reducing when base array is 1d (#1704)
deee7f5 FIX workaround for numpy.core DeprecationWarning (#1714)
031b902 MTN vendor loky 3.5.2 (#1711)
3aa56cc ENH allow passing extra args to backend constructor, enabling the use of init...
71c2ce7 FIX typo in memory.rst (#1700)
6eeef50 FIx typo in the parallel doc (#1701)
Additional commits viewable in compare view

Updates jupyter-core from 4.10.0 to 4.11.2

Release notes

Sourced from jupyter-core's releases.

4.11.1

What's Changed

Fix inclusion of jupyter file and check in CI by @blink1073 in jupyter/jupyter_core#276

Full Changelog: jupyter/jupyter_core@4.11.0...4.11.1

4.11.0

What's Changed

Use hatch backend by @blink1073 in jupyter/jupyter_core#265

is_hidden: Use normalized paths by @martinRenou in jupyter/jupyter_core#271

New Contributors

@martinRenou made their first contribution in jupyter/jupyter_core#271

Full Changelog: jupyter/jupyter_core@4.10.0...4.11.0

Changelog

Sourced from jupyter-core's changelog.

Changes in jupyter-core

5.7.2

(Full Changelog)

Maintenance and upkeep improvements

Update Release Scripts #396 (@blink1073)

Enforce pytest 7 #393 (@blink1073)

chore: update pre-commit hooks #392 (@pre-commit-ci)

Contributors to this release

(GitHub contributors page for this release)

Bumps the pip group with 17 updates in the / directory: | Package | From | To | | --- | --- | --- | | [fonttools](https://github.com/fonttools/fonttools) | `4.33.3` | `4.43.0` | | [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.27` | `3.1.41` | | [grpcio](https://github.com/grpc/grpc) | `1.46.3` | `1.53.2` | | [ipython](https://github.com/ipython/ipython) | `7.34.0` | `8.10.0` | | [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.6` | | [joblib](https://github.com/joblib/joblib) | `1.1.0` | `1.5.0` | | [jupyter-core](https://github.com/jupyter/jupyter_core) | `4.10.0` | `4.11.2` | | [keras](https://github.com/keras-team/keras) | `2.10.0` | `3.9.0` | | [oauthlib](https://github.com/oauthlib/oauthlib) | `3.2.0` | `3.2.2` | | [pillow](https://github.com/python-pillow/Pillow) | `9.1.1` | `10.3.0` | | [protobuf](https://github.com/protocolbuffers/protobuf) | `3.19.4` | `6.30.2` | | [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.0.2` | `1.5.1` | | [sentry-sdk](https://github.com/getsentry/sentry-python) | `1.5.12` | `2.8.0` | | [tensorflow](https://github.com/tensorflow/tensorflow) | `2.6.0` | `2.12.1` | | [torch](https://github.com/pytorch/pytorch) | `1.8.0` | `2.7.0` | | [tornado](https://github.com/tornadoweb/tornado) | `6.1` | `6.4.2` | | [werkzeug](https://github.com/pallets/werkzeug) | `2.1.2` | `3.0.6` | Updates `fonttools` from 4.33.3 to 4.43.0 - [Release notes](https://github.com/fonttools/fonttools/releases) - [Changelog](https://github.com/fonttools/fonttools/blob/main/NEWS.rst) - [Commits](fonttools/fonttools@4.33.3...4.43.0) Updates `gitpython` from 3.1.27 to 3.1.41 - [Release notes](https://github.com/gitpython-developers/GitPython/releases) - [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES) - [Commits](gitpython-developers/GitPython@3.1.27...3.1.41) Updates `grpcio` from 1.46.3 to 1.53.2 - [Release notes](https://github.com/grpc/grpc/releases) - [Changelog](https://github.com/grpc/grpc/blob/master/doc/grpc_release_schedule.md) - [Commits](grpc/grpc@v1.46.3...v1.53.2) Updates `ipython` from 7.34.0 to 8.10.0 - [Release notes](https://github.com/ipython/ipython/releases) - [Commits](ipython/ipython@7.34.0...8.10.0) Updates `jinja2` from 3.1.2 to 3.1.6 - [Release notes](https://github.com/pallets/jinja/releases) - [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst) - [Commits](pallets/jinja@3.1.2...3.1.6) Updates `joblib` from 1.1.0 to 1.5.0 - [Release notes](https://github.com/joblib/joblib/releases) - [Changelog](https://github.com/joblib/joblib/blob/main/CHANGES.rst) - [Commits](joblib/joblib@1.1.0...1.5.0) Updates `jupyter-core` from 4.10.0 to 4.11.2 - [Release notes](https://github.com/jupyter/jupyter_core/releases) - [Changelog](https://github.com/jupyter/jupyter_core/blob/main/CHANGELOG.md) - [Commits](jupyter/jupyter_core@4.10.0...4.11.2) Updates `keras` from 2.10.0 to 3.9.0 - [Release notes](https://github.com/keras-team/keras/releases) - [Commits](keras-team/keras@v2.10.0...v3.9.0) Updates `oauthlib` from 3.2.0 to 3.2.2 - [Release notes](https://github.com/oauthlib/oauthlib/releases) - [Changelog](https://github.com/oauthlib/oauthlib/blob/master/CHANGELOG.rst) - [Commits](oauthlib/oauthlib@v3.2.0...v3.2.2) Updates `pillow` from 9.1.1 to 10.3.0 - [Release notes](https://github.com/python-pillow/Pillow/releases) - [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst) - [Commits](python-pillow/Pillow@9.1.1...10.3.0) Updates `protobuf` from 3.19.4 to 6.30.2 - [Release notes](https://github.com/protocolbuffers/protobuf/releases) - [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl) - [Commits](protocolbuffers/protobuf@v3.19.4...v6.30.2) Updates `scikit-learn` from 1.0.2 to 1.5.1 - [Release notes](https://github.com/scikit-learn/scikit-learn/releases) - [Commits](scikit-learn/scikit-learn@1.0.2...1.5.1) Updates `sentry-sdk` from 1.5.12 to 2.8.0 - [Release notes](https://github.com/getsentry/sentry-python/releases) - [Changelog](https://github.com/getsentry/sentry-python/blob/master/CHANGELOG.md) - [Commits](getsentry/sentry-python@1.5.12...2.8.0) Updates `tensorflow` from 2.6.0 to 2.12.1 - [Release notes](https://github.com/tensorflow/tensorflow/releases) - [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md) - [Commits](tensorflow/tensorflow@v2.6.0...v2.12.1) Updates `torch` from 1.8.0 to 2.7.0 - [Release notes](https://github.com/pytorch/pytorch/releases) - [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md) - [Commits](pytorch/pytorch@v1.8.0...v2.7.0) Updates `tornado` from 6.1 to 6.4.2 - [Changelog](https://github.com/tornadoweb/tornado/blob/master/docs/releases.rst) - [Commits](tornadoweb/tornado@v6.1.0...v6.4.2) Updates `werkzeug` from 2.1.2 to 3.0.6 - [Release notes](https://github.com/pallets/werkzeug/releases) - [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst) - [Commits](pallets/werkzeug@2.1.2...3.0.6) --- updated-dependencies: - dependency-name: fonttools dependency-version: 4.43.0 dependency-type: direct:production dependency-group: pip - dependency-name: gitpython dependency-version: 3.1.41 dependency-type: direct:production dependency-group: pip - dependency-name: grpcio dependency-version: 1.53.2 dependency-type: direct:production dependency-group: pip - dependency-name: ipython dependency-version: 8.10.0 dependency-type: direct:production dependency-group: pip - dependency-name: jinja2 dependency-version: 3.1.6 dependency-type: direct:production dependency-group: pip - dependency-name: joblib dependency-version: 1.5.0 dependency-type: direct:production dependency-group: pip - dependency-name: jupyter-core dependency-version: 4.11.2 dependency-type: direct:production dependency-group: pip - dependency-name: keras dependency-version: 3.9.0 dependency-type: direct:production dependency-group: pip - dependency-name: oauthlib dependency-version: 3.2.2 dependency-type: direct:production dependency-group: pip - dependency-name: pillow dependency-version: 10.3.0 dependency-type: direct:production dependency-group: pip - dependency-name: protobuf dependency-version: 6.30.2 dependency-type: direct:production dependency-group: pip - dependency-name: scikit-learn dependency-version: 1.5.1 dependency-type: direct:production dependency-group: pip - dependency-name: sentry-sdk dependency-version: 2.8.0 dependency-type: direct:production dependency-group: pip - dependency-name: tensorflow dependency-version: 2.12.1 dependency-type: direct:production dependency-group: pip - dependency-name: torch dependency-version: 2.7.0 dependency-type: direct:production dependency-group: pip - dependency-name: tornado dependency-version: 6.4.2 dependency-type: direct:production dependency-group: pip - dependency-name: werkzeug dependency-version: 3.0.6 dependency-type: direct:production dependency-group: pip ... Signed-off-by: dependabot[bot] <support@github.com>

dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 9, 2025

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Bump the pip group across 1 directory with 17 updates#1

Bump the pip group across 1 directory with 17 updates#1
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/pip-efb33eb7af

dependabot Bot commented on behalf of github May 9, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants

Conversation

dependabot Bot commented on behalf of github May 9, 2025

4.43.0

4.42.1

4.42.0

4.41.1

4.41.0

4.40.0

4.43.0 (released 2023-09-29)

4.42.1 (released 2023-08-20)

4.42.0 (released 2023-08-02)

4.41.1 (released 2023-07-21)

4.41.0 (released 2023-07-12)

3.1.41 - fix Windows security issue

What's Changed

Release v1.53.2

Core

Release v1.53.1

Release v1.52.2

Release v1.49.4

3.1.6

3.1.5

3.1.4

3.1.3

Version 3.1.6

Version 3.1.5

1.5.0

1.4.2

What's Changed

New Contributors

Joblib 1.4.0

What's Changed

New Contributors

Release 1.5.0 -- 2025/05/03

4.11.1

What's Changed

4.11.0

What's Changed

New Contributors

Changes in jupyter-core

5.7.2

Maintenance and upkeep improvements

Contributors to this release

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

0 participants