Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the production-dependencies group across 1 directory with 8 updates #762

Closed

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Aug 26, 2024

Bumps the production-dependencies group with 8 updates in the / directory:

Package From To
asteval 1.0.0 1.0.2
cachetools 5.3.3 5.5.0
numpy 2.0.0 2.1.0
pyphen 0.15.0 0.16.0
scipy 1.14.0 1.14.1
shapely 2.0.4 2.0.6
matplotlib 3.9.1 3.9.2
moderngl 5.10.0 5.11.0

Updates asteval from 1.0.0 to 1.0.2

Release notes

Sourced from asteval's releases.

1.0.2

bug fixes:

  • fix NameError handling in expression code
  • make exception messages more Python-like

1.0.1

security fixes, based on audit by Andrew Effenhauser, Ayman Hammad, and Daniel Crowley, IBM X-Force Security Research division

  • remove numpy modules polynomial, fft, linalg by default for security concerns
  • disallow string.format(), improve security of f-string evaluation
Commits
  • 22f6f48 more work to make exception messages more Python like
  • d837fb9 put exception name with message, more like Python exception
  • 1dec732 Merge pull request #130 from shazarivf/fix-nameerror-handling
  • cab435a fix NameError handling in expression code
  • c673c8b update doc to describe audit by IBM security research group
  • d85e7cb remove numpy modules polynomial, fft, linalg by default for security concerns
  • 1b453ec disallow string.format(), improve security of f-string evaluation
  • See full diff in compare view

Updates cachetools from 5.3.3 to 5.5.0

Changelog

Sourced from cachetools's changelog.

v5.5.0 (2024-08-18)

  • TTLCache.expire() returns iterable of expired (key, value) pairs.

  • TLRUCache.expire() returns iterable of expired (key, value) pairs.

  • Documentation improvements.

  • Update CI environment.

v5.4.0 (2024-07-15)

  • Add the keys.typedmethodkey decorator.

  • Deprecate MRUCache class.

  • Deprecate @func.mru_cache decorator.

  • Update CI environment.

Commits

Updates numpy from 2.0.0 to 2.1.0

Release notes

Sourced from numpy's releases.

2.1.0 (Aug 18, 2024)

NumPy 2.1.0 Release Notes

NumPy 2.1.0 provides support for the upcoming Python 3.13 release and drops support for Python 3.9. In addition to the usual bug fixes and updated Python support, it helps get us back into our usual release cycle after the extended development of 2.0. The highlights for this release are:

  • Support for the array-api 2023.12 standard.
  • Support for Python 3.13.
  • Preliminary support for free threaded Python 3.13.

Python versions 3.10-3.13 are supported in this release.

New functions

New function numpy.unstack

A new function np.unstack(array, axis=...) was added, which splits an array into a tuple of arrays along an axis. It serves as the inverse of [numpy.stack]{.title-ref}.

(gh-26579)

Deprecations

  • The fix_imports keyword argument in numpy.save is deprecated. Since NumPy 1.17, numpy.save uses a pickle protocol that no longer supports Python 2, and ignored fix_imports keyword. This keyword is kept only for backward compatibility. It is now deprecated.

    (gh-26452)

  • Passing non-integer inputs as the first argument of [bincount]{.title-ref} is now deprecated, because such inputs are silently cast to integers with no warning about loss of precision.

    (gh-27076)

Expired deprecations

  • Scalars and 0D arrays are disallowed for numpy.nonzero and numpy.ndarray.nonzero.

    (gh-26268)

  • set_string_function internal function was removed and PyArray_SetStringFunction was stubbed out.

... (truncated)

Commits
  • 2f7fe64 Merge pull request #27236 from charris/prepare-2.1.0
  • b6f434f REL: Prepare for the NumPy 2.1.0 release [wheel build]
  • 3cf9394 Merge pull request #27234 from charris/backport-25984
  • 7443dcc Merge pull request #27233 from charris/backport-27223
  • 85b1cab BUG: Allow fitting of degree zero polynomials with Polynomial.fit
  • 395a81d DOC: reword discussion about shared arrays to hopefully be clearer
  • 5af2e96 Move NUMUSERTYPES thread safety discussion to legacy DType API docs
  • d902c24 DOC: add docs on thread safety in NumPy
  • c080180 Merge pull request #27229 from charris/backport-27226
  • 44ce7e8 BUG: Fix PyArray_ZeroContiguousBuffer (resize) with struct dtypes
  • Additional commits viewable in compare view

Updates pyphen from 0.15.0 to 0.16.0

Release notes

Sourced from pyphen's releases.

0.16.0

  • Close file when reading encoding
  • Update dictionary repository
Changelog

Sourced from pyphen's changelog.

Version 0.16.0

Released on 2024-07-30.

  • Close file when reading encoding
  • Update dictionary repository
Commits

Updates scipy from 1.14.0 to 1.14.1

Release notes

Sourced from scipy's releases.

SciPy 1.14.1 Release Notes

SciPy 1.14.1 adds support for Python 3.13, including binary wheels on PyPI. Apart from that, it is a bug-fix release with no new features compared to 1.14.0.

Authors

  • Name (commits)
  • h-vetinari (1)
  • Evgeni Burovski (1)
  • CJ Carey (2)
  • Lucas Colley (3)
  • Ralf Gommers (3)
  • Melissa Weber Mendonça (1)
  • Andrew Nelson (3)
  • Nick ODell (1)
  • Tyler Reddy (36)
  • Daniel Schmitz (1)
  • Dan Schult (4)
  • Albert Steppi (2)
  • Ewout ter Hoeven (1)
  • Tibor Völcker (2) +
  • Adam Turner (1) +
  • Warren Weckesser (2)
  • ਗਗਨਦੀਪ ਸਿੰਘ (Gagandeep Singh) (1)

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

Commits
  • 92d2a85 REL: 1.14.1 rel commit [wheel build]
  • 85623a1 Merge pull request #21362 from tylerjereddy/treddy_1.14.1_backports
  • d924005 MAINT: PR 21362 revisions [wheel build]
  • b901a4e MAINT, CI: PR 21362 revisions [wheel build]
  • 2a7ec60 MAINT, BLD: PR 21362 revisions [wheel build]
  • f4f084d MAINT, CI: PR 21362 revisions [wheel build]
  • b712fc6 DOC: update 1.14.1 relnotes [wheel build]
  • cdd5aca MAINT: special: Accommodate changed integer handling in NumPy 2.0. (#21401)
  • 0f91838 BLD: cp313 wheels on manylinux_aarch64 (#21409)
  • 6dd0b00 MAINT, CI: wheel build changes [wheel build]
  • Additional commits viewable in compare view

Updates shapely from 2.0.4 to 2.0.6

Release notes

Sourced from shapely's releases.

2.0.6

Wheels are available for Python 3.13 (and still include GEOS 3.11.4).

Bug fixes:

  • Fix compatibility with NumPy 2.1.0 (#2099).

For a full changelog, see https://shapely.readthedocs.io/en/latest/release/2.x.html#version-2-0-6

2.0.5

Binary wheels on PyPI include GEOS 3.11.4 from 2024-06-05. Furthermore, universal2 wheels are removed for macOS since both x86_64 and arm64 wheels are provided.

Bug fixes:

  • Fix Point x/y/z attributes to return Python floats (#2074).
  • Fix affinity for Apple silicon with NumPy 2.0 by reverting matmul, and use direct matrix multiplication instead (#2085).

For a full changelog, see https://shapely.readthedocs.io/en/latest/release/2.x.html#version-2-0-5

Changelog

Sourced from shapely's changelog.

2.0.6 (2024-08-19)

Bug fixes:

  • Fix compatibility with NumPy 2.1.0 (#2099).

Wheels are available for Python 3.13 (and still include GEOS 3.11.4).

2.0.5 (2024-07-13)

Binary wheels on PyPI include GEOS 3.11.4 from 2024-06-05. Furthermore, universal2 wheels are removed for macOS since both x86_64 and arm64 wheels are provided.

Bug fixes:

  • Fix Point x/y/z attributes to return Python floats (#2074).
  • Fix affinity for Apple silicon with NumPy 2.0 by reverting matmul, and use direct matrix multiplication instead (#2085).
Commits
  • 5a4207d RLS: 2.0.6
  • c65fa42 Bump pypa/cibuildwheel from 2.19.2 to 2.20.0 (build Python 3.13 wheels) (#2103)
  • 2f411ee DOC/RLS: starts changelog for 2.0.6 (#2113)
  • 225445c BLD: suppress 'incompatible-function-pointer-types' error for clang>=16 (#2114)
  • 3ab8fbc TST/CI: enable testing Python 3.13, NumPy 2.1, GEOS 3.13 (#2105)
  • 2a83905 Fix compatibility with numpy 2.1 dev to cast GeometryType to int as ufunc inp...
  • a4fe42f RLS: 2.0.5
  • 0bfcf3a DOC/RLS: starts changelog for 2.0.5 (#2088)
  • b186704 RLS/CI: upgrade GEOS versions to latest minor, add more to CI matrix (#2086)
  • 1ede9b2 FIX: replace matmul with manual matrix multiplication for affinity (#2085)
  • Additional commits viewable in compare view

Updates matplotlib from 3.9.1 to 3.9.2

Release notes

Sourced from matplotlib's releases.

REL: 3.9.2

This is the second bugfix release of the 3.9.x series.

This release contains several bug-fixes and adjustments:

  • Be more resilient to I/O failures when writing font cache
  • Fix nondeterministic behavior with subplot spacing and constrained layout
  • Fix sticky edge tolerance relative to data range
  • Improve formatting of image values in cases of singular norms

Windows wheels now bundle the MSVC runtime DLL statically to avoid inconsistencies with other wheels and random crashes depending on import order.

Commits
  • a254b68 REL: 3.9.2
  • 056f307 DOC: Create release notes for 3.9.2
  • 8d867ce Merge branch 'v3.9.1-doc' into v3.9.x
  • 7be8675 Merge pull request #28687 from QuLogic/static-msvc
  • 3ed3d7b Merge pull request #28695 from meeseeksmachine/auto-backport-of-pr-27797-on-v...
  • 8a62afa BLD: Include MSVCP140 runtime statically
  • 81be26f Merge pull request #28688 from QuLogic/auto-backport-of-pr-28668-on-v3.9.x
  • d88a582 Backport PR #27797: DOC: Use video files for saving animations
  • e3159ba Merge pull request #28692 from meeseeksmachine/auto-backport-of-pr-28632-on-v...
  • 465401e Backport PR #28632: DOC: Tell sphinx-gallery to link mpl_toolkits from our build
  • Additional commits viewable in compare view

Updates moderngl from 5.10.0 to 5.11.0

Changelog

Sourced from moderngl's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

main

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Bumps the production-dependencies group with 8 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [asteval](https://github.com/lmfit/asteval) | `1.0.0` | `1.0.2` |
| [cachetools](https://github.com/tkem/cachetools) | `5.3.3` | `5.5.0` |
| [numpy](https://github.com/numpy/numpy) | `2.0.0` | `2.1.0` |
| [pyphen](https://github.com/Kozea/Pyphen) | `0.15.0` | `0.16.0` |
| [scipy](https://github.com/scipy/scipy) | `1.14.0` | `1.14.1` |
| [shapely](https://github.com/shapely/shapely) | `2.0.4` | `2.0.6` |
| [matplotlib](https://github.com/matplotlib/matplotlib) | `3.9.1` | `3.9.2` |
| [moderngl](https://github.com/moderngl/moderngl) | `5.10.0` | `5.11.0` |



Updates `asteval` from 1.0.0 to 1.0.2
- [Release notes](https://github.com/lmfit/asteval/releases)
- [Commits](lmfit/asteval@1.0.0...1.0.2)

Updates `cachetools` from 5.3.3 to 5.5.0
- [Changelog](https://github.com/tkem/cachetools/blob/master/CHANGELOG.rst)
- [Commits](tkem/cachetools@v5.3.3...v5.5.0)

Updates `numpy` from 2.0.0 to 2.1.0
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.0.0...v2.1.0)

Updates `pyphen` from 0.15.0 to 0.16.0
- [Release notes](https://github.com/Kozea/Pyphen/releases)
- [Changelog](https://github.com/Kozea/Pyphen/blob/main/docs/changelog.rst)
- [Commits](Kozea/Pyphen@0.15.0...0.16.0)

Updates `scipy` from 1.14.0 to 1.14.1
- [Release notes](https://github.com/scipy/scipy/releases)
- [Commits](scipy/scipy@v1.14.0...v1.14.1)

Updates `shapely` from 2.0.4 to 2.0.6
- [Release notes](https://github.com/shapely/shapely/releases)
- [Changelog](https://github.com/shapely/shapely/blob/main/CHANGES.txt)
- [Commits](shapely/shapely@2.0.4...2.0.6)

Updates `matplotlib` from 3.9.1 to 3.9.2
- [Release notes](https://github.com/matplotlib/matplotlib/releases)
- [Commits](matplotlib/matplotlib@v3.9.1...v3.9.2)

Updates `moderngl` from 5.10.0 to 5.11.0
- [Release notes](https://github.com/moderngl/moderngl/releases)
- [Changelog](https://github.com/moderngl/moderngl/blob/main/CHANGELOG.md)
- [Commits](moderngl/moderngl@5.10.0...5.11.0)

---
updated-dependencies:
- dependency-name: asteval
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: cachetools
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: pyphen
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
- dependency-name: scipy
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: shapely
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: matplotlib
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: production-dependencies
- dependency-name: moderngl
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: production-dependencies
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Aug 26, 2024
Copy link

sonarcloud bot commented Aug 26, 2024

Copy link
Contributor Author

dependabot bot commented on behalf of github Sep 9, 2024

Superseded by #765.

@dependabot dependabot bot closed this Sep 9, 2024
@dependabot dependabot bot deleted the dependabot/pip/production-dependencies-b57c9477f2 branch September 9, 2024 14:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants