Bump the pip group across 1 directory with 3 updates #3

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/setup_env/pip-07a4f4c22b

dependabot bot commented on behalf of github on Sep 5, 2025

Bumps the pip group with 3 updates in the /setup_env directory: scikit-learn, pymongo and internetarchive.

Updates scikit-learn from 1.3.1 to 1.5.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.5.0

We're happy to announce the 1.5.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.5.html

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Scikit-learn 1.4.2

We're happy to announce the 1.4.2 release.

This release only includes support for numpy 2.

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

Scikit-learn 1.4.1.post1

We're happy to announce the 1.4.1.post1 release.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

... (truncated)

Commits

Updates pymongo from 4.5.0 to 4.6.3

Release notes

Sourced from pymongo's releases.

PyMongo 4.6.3

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348

PyMongo 4.6.2

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404

PyMongo 4.6.1

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752

PyMongo 4.6.0

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.6.3 (2024/03/27)

PyMongo 4.6.3 fixes the following bug:

  • Fixed a potential memory access violation when decoding invalid bson.

Issues Resolved
...............

See the `PyMongo 4.6.3 release notes in JIRA`_ for the list of resolved issues in this release.

.. _PyMongo 4.6.3 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=38360

Changes in Version 4.6.2 (2024/02/21)

PyMongo 4.6.2 fixes the following bug:

  • Fixed a bug appearing in Python 3.12 where "RuntimeError: can't create new thread at interpreter shutdown" could be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.

Issues Resolved
...............

See the `PyMongo 4.6.2 release notes in JIRA`_ for the list of resolved issues in this release.

.. _PyMongo 4.6.2 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37906

Changes in Version 4.6.1 (2023/11/29)

PyMongo 4.6.1 fixes the following bug:

  • Ensure retryable read OperationFailure errors re-raise exception when 0 or NoneType error code is provided.

Issues Resolved
...............

See the `PyMongo 4.6.1 release notes in JIRA`_ for the list of resolved issues in this release.

.. _PyMongo 4.6.1 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37138

Changes in Version 4.6.0 (2023/11/01)

PyMongo 4.6 brings a number of improvements including:

... (truncated)

Commits
  • 8da192f BUMP 4.6.3
  • 56b6b6d PYTHON-4305 Fix bson size check (#1564)
  • 449d0f3 BUMP to 4.6.3.dev0
  • e04576d DEVPROD-3871 Use teardown_task when there is one function/command (#1533)
  • cf1c6a1 PYTHON-4219 Prep for 4.6.2 Release (#1530)
  • d29b2b7 PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (#1...
  • 0477b9b PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (#1527)
  • ecad17d BUMP 4.6.2.dev0
  • 485e0a5 BUMP 4.6.1
  • 995365c PYTHON-4038 [v4.6]: Ensure retryable read OperationFailures re-raise except...
  • Additional commits viewable in compare view

Updates internetarchive from 3.5.0 to 5.5.1

Release notes

Sourced from internetarchive's releases.

Version 5.5.1

Security

  • Fixed a critical directory traversal vulnerability in File.download(). All users are urged to upgrade immediately. This prevents malicious filenames from writing files outside the target directory, a risk especially critical for Windows users.
  • Added automatic filename sanitization with platform-specific rules.
  • Added path resolution checks to block directory traversal attacks.
  • Introduced warnings when filenames are sanitized to maintain user awareness.

Please see the security advisory for more details.

Bugfixes

  • Fixed bug in JSON parsing for ia upload --file-metadata ....

Version 5.5.0

Features and Improvements

  • Added --parameters option to ia metadata.

Version 5.4.1

Features and Improvements

  • Stop setting scanner on upload per policy change.

Bugfixes

  • Fixed bug where REMOVE_TAG was not working with indexed keys.
  • Fixed argument validation and option parsing in ia download.

Version 5.4.0

Features and Improvements

  • Added --print-auth-header option to ia configure.

Bugfixes

  • Corrected behavior of ia_copy to avoid dropping path prefixes, fixing ia_move to properly delete moved files in subdirectories (via :gh:693).
  • Fixed bug where hardcoded test comment was being sent with every request.
  • Fixed issue where ia reviews --index/--noindex only worked for configured user.

Version 5.3.0

Features and Improvements

  • Added ia configure --show to print config to stdout.
  • Added ia configure --check for validating credentials.
  • Added ia configure --whoami for retrieving info about the configured user.
  • Added ia simplelists command for managing simplelists.
  • Added ia flag command for managing flags.

Bugfixes

  • Fixed bugs in ia copy and ia move where an AttributeError was being raised.

... (truncated)

Changelog

Sourced from internetarchive's changelog.

5.5.1 (2025-09-05)
++++++++++++++++++

Security

  • Fixed a critical directory traversal vulnerability in File.download(). All users are urged to upgrade immediately. This prevents malicious filenames from writing files outside the target directory, a risk especially critical for Windows users.
  • Added automatic filename sanitization with platform-specific rules.
  • Added path resolution checks to block directory traversal attacks.
  • Introduced warnings when filenames are sanitized to maintain user awareness.

Bugfixes

  • Fixed bug in JSON parsing for ia upload --file-metadata ....

5.5.0 (2025-07-17)
++++++++++++++++++

Features and Improvements

  • Added --parameters option to ia metadata.

5.4.1 (2025-07-16)
++++++++++++++++++

Features and Improvements

  • Stop setting scanner on upload per policy change.

Bugfixes

  • Fixed bug where REMOVE_TAG was not working with indexed keys.
  • Fixed argument validation and option parsing in ia download.

5.4.0 (2025-04-29)
++++++++++++++++++

Features and Improvements

  • Added --print-auth-header option to ia configure.

Bugfixes

  • Corrected behavior of ia_copy to avoid dropping path prefixes, fixing ia_move to properly delete moved files in subdirectories (via :gh:693).
  • Fixed bug where hardcoded test comment was being sent with every request.
  • Fixed issue where ia reviews --index/--noindex only worked for configured user.

5.3.1 (2025-03-26)
++++++++++++++++++

Bugfixes

  • Fixed bug where ia reviews --index/--noindex was only working for the configured user.

... (truncated)

Commits
  • 73141db v5.5.1
  • cba2d45 Merge branch 'sanitize-filename-downloads'
  • be94ff7 v5.5.1
  • d578c53 v5.5.1
  • 00c2c20 Updated README with temporary security notice
  • ccf95b0 Added tests for file sanitization
  • e676fc5 Added tests for file sanitization
  • d05d2bb fixed typo
  • d583bd5 Added directory traversal attack check to download
  • eceef89 Encode % in sanitize_filename_windows to ensure the encoding is reliably reve...
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.



Bumps the pip group with 3 updates in the /setup_env directory: [scikit-learn](https://github.com/scikit-learn/scikit-learn), [pymongo](https://github.com/mongodb/mongo-python-driver) and [internetarchive](https://github.com/jjjake/internetarchive).


Updates `scikit-learn` from 1.3.1 to 1.5.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.3.1...1.5.0)

Updates `pymongo` from 4.5.0 to 4.6.3
- [Release notes](https://github.com/mongodb/mongo-python-driver/releases)
- [Changelog](https://github.com/mongodb/mongo-python-driver/blob/master/doc/changelog.rst)
- [Commits](mongodb/mongo-python-driver@4.5.0...4.6.3)

Updates `internetarchive` from 3.5.0 to 5.5.1
- [Release notes](https://github.com/jjjake/internetarchive/releases)
- [Changelog](https://github.com/jjjake/internetarchive/blob/master/HISTORY.rst)
- [Commits](jjjake/internetarchive@v3.5.0...v5.5.1)

---
updated-dependencies:
- dependency-name: scikit-learn
  dependency-version: 1.5.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pymongo
  dependency-version: 4.6.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: internetarchive
  dependency-version: 5.5.1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update python code) labels on Sep 5, 2025
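
The filename sanitization, sanitization warning and path resolution check named in the internetarchive 5.5.1 security notes above, sketched as an added example. This is not code from internetarchive or from this pull request; the function names, the unsafe-character set and the percent-encoding scheme are assumptions made for illustration.

```python
import os
import warnings

# Assumed rule set for this example: characters Windows rejects in file names,
# plus '\\' (a Windows path separator) and '%' (so encoded names stay unambiguous).
UNSAFE_CHARS = '<>:"|?*\\%'


def sanitize_component(part: str) -> str:
    """Percent-encode unsafe and control characters in one path component."""
    return "".join(
        f"%{ord(ch):02X}" if ch in UNSAFE_CHARS or ord(ch) < 32 else ch
        for ch in part
    )


def safe_download_path(dest_dir: str, remote_name: str) -> str:
    """Return the absolute path to write remote_name to, or raise ValueError
    if the write would land outside dest_dir."""
    # Remote names use '/' as the separator; sanitize each component on its own.
    clean = "/".join(sanitize_component(p) for p in remote_name.split("/"))
    if clean != remote_name:
        # Tell the user the on-disk name differs from the remote one.
        warnings.warn(f"filename sanitized: {remote_name!r} -> {clean!r}")

    # realpath() collapses '..' and follows symlinks, so the comparison is made
    # on the location the write would really reach.
    base = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(base, clean))

    # commonpath() compares whole components, so '/data/out2' is not mistaken
    # for a child of '/data/out' the way a startswith() test would.
    if target == base or os.path.commonpath([base, target]) != base:
        raise ValueError(f"refusing to write outside {base!r}: {remote_name!r}")
    return target
```

Calling `safe_download_path()` before opening the output file keeps the check and the write on the same resolved path.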