Bump the production-dependencies group across 1 directory with 4 updates #753
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Bumps the production-dependencies group with 4 updates in the / directory: asteval, cachetools, numpy and shapely.
Updates
asteval
from 1.0.0 to 1.0.1Release notes
Sourced from asteval's releases.
Commits
c673c8b
update doc to describe audit by IBM security research groupd85e7cb
remove numpy modules polynomial, fft, linalg by default for security concerns1b453ec
disallow string.format(), improve security of f-string evaluationUpdates
cachetools
from 5.3.3 to 5.4.0Changelog
Sourced from cachetools's changelog.
Commits
990665b
Release v5.4.0.ebff841
Fix #256: Deprecate MRUCache class.f9021d5
Fix #256: Deprecate@mru
_cache decorator.f461c73
Merge remote-tracking branch 'origin/dependabot/github_actions/codecov/codeco...a56d38e
Merge remote-tracking branch 'origin/dependabot/github_actions/actions/checko...7354593
Bump actions/checkout from 4.1.6 to 4.1.71a4bd04
Bump codecov/codecov-action from 4.4.1 to 4.5.0e669b99
Add thekeys.typedmethodkey
decoratorfbf0b7e
Bump actions/checkout from 4.1.4 to 4.1.6226028d
Bump codecov/codecov-action from 4.3.1 to 4.4.1Updates
numpy
from 2.0.0 to 2.0.1Release notes
Sourced from numpy's releases.
... (truncated)
Commits
4c9f431
Merge pull request #27000 from charris/prepare-2.0.10e70e00
REL: Prepare for the NumPy 2.0.1 release [wheel build]4d10ffc
Merge pull request #26995 from charris/backport-26985764b667
BUG: Add object cast to avoid warning with limited API9be6ad6
Merge pull request #26971 from charris/backport-269356d950e9
BUG: fix f2py tests to work with v2 API89630c0
Merge pull request #26962 from charris/backport-2691988fa840
TST: Apply test suggestion by Nathan for rlstrip fixesa9da01e
BUG,MAINT: Fix utf-8 character stripping memory access6afbbf8
Merge pull request #26963 from charris/backport-26930Updates
shapely
from 2.0.4 to 2.0.5Release notes
Sourced from shapely's releases.
Changelog
Sourced from shapely's changelog.
Commits
a4fe42f
RLS: 2.0.50bfcf3a
DOC/RLS: starts changelog for 2.0.5 (#2088)b186704
RLS/CI: upgrade GEOS versions to latest minor, add more to CI matrix (#2086)1ede9b2
FIX: replace matmul with manual matrix multiplication for affinity (#2085)0748c40
BUG: fix Point x/y/z/m attribtues to return Python floats (#2074)7903b2d
Bump pypa/cibuildwheel from 2.19.1 to 2.19.2 (#2083)e75c3a2
RLS/BLD: use native Apple Silicon macOS for arm64 wheels; remove universal2 (...13eb644
BLD: replace pkg_resources, prepend numpy include dirs (#2071)ac283c3
CI: Update macos-11 image to macos-13 (#2072)473c202
Bump pypa/cibuildwheel from 2.18.1 to 2.19.1 (#2068)Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting
@dependabot rebase
.Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR:
@dependabot rebase
will rebase this PR@dependabot recreate
will recreate this PR, overwriting any edits that have been made to it@dependabot merge
will merge this PR after your CI passes on it@dependabot squash and merge
will squash and merge this PR after your CI passes on it@dependabot cancel merge
will cancel a previously requested merge and block automerging@dependabot reopen
will reopen this PR if it is closed@dependabot close
will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually@dependabot show <dependency name> ignore conditions
will show all of the ignore conditions of the specified dependency@dependabot ignore <dependency name> major version
will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)@dependabot ignore <dependency name> minor version
will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)@dependabot ignore <dependency name>
will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)@dependabot unignore <dependency name>
will remove all of the ignore conditions of the specified dependency@dependabot unignore <dependency name> <ignore condition>
will remove the ignore condition of the specified dependency and ignore conditions