Skip to content

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Feb 3, 2025

Bumps the github-actions group with 11 updates in the / directory:

Package From To
flask 3.0.3 3.1.0
numpy 2.1.2 2.2.2
prometheus-client 0.21.0 0.21.1
protobuf 5.28.2 5.29.3
psutil 6.1.0 6.1.1
scikit-learn 1.5.2 1.6.1
scipy 1.14.1 1.15.1
werkzeug 3.0.4 3.1.3
xgboost 2.1.2 2.1.3
boto3 1.35.43 1.36.11
pymarkdownlnt 0.9.22 0.9.26

Updates flask from 3.0.3 to 3.1.0

Release notes

Sourced from flask's releases.

3.1.0

This is the Flask 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Flask/3.1.0/ Changes: https://flask.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/flask/milestone/33?closed=1

  • Drop support for Python 3.8. #5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. #5624, #5633
  • Provide a configuration option to control automatic option responses. #5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. #5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. #5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. #5472
  • -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. #5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. #5621
  • Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. #5553
  • Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. #5636
Changelog

Sourced from flask's changelog.

Version 3.1.0

Released 2024-11-13

  • Drop support for Python 3.8. :pr:5623
  • Update minimum dependency versions to latest feature releases. Werkzeug >= 3.1, ItsDangerous >= 2.2, Blinker >= 1.9. :pr:5624,5633
  • Provide a configuration option to control automatic option responses. :pr:5496
  • Flask.open_resource/open_instance_resource and Blueprint.open_resource take an encoding parameter to use when opening in text mode. It defaults to utf-8. :issue:5504
  • Request.max_content_length can be customized per-request instead of only through the MAX_CONTENT_LENGTH config. Added MAX_FORM_MEMORY_SIZE and MAX_FORM_PARTS config. Added documentation about resource limits to the security page. :issue:5625
  • Add support for the Partitioned cookie attribute (CHIPS), with the SESSION_COOKIE_PARTITIONED config. :issue:5472
  • -e path takes precedence over default .env and .flaskenv files. load_dotenv loads default files in addition to a path unless load_defaults=False is passed. :issue:5628
  • Support key rotation with the SECRET_KEY_FALLBACKS config, a list of old secret keys that can still be used for unsigning. Extensions will need to add support. :issue:5621
  • Fix how setting host_matching=True or subdomain_matching=False interacts with SERVER_NAME. Setting SERVER_NAME no longer restricts requests to only that domain. :issue:5553
  • Request.trusted_hosts is checked during routing, and can be set through the TRUSTED_HOSTS config. :issue:5636
Commits
  • ab81496 release version 3.1.0
  • 70602a1 remove test pypi
  • 6748a09 update dev dependencies
  • 22c48a7 Merge remote-tracking branch 'origin/stable'
  • 2eab96a use generic bases for session (#5638)
  • f49dbfd use generic bases for session
  • 7b21d43 configure and check request.trusted_hosts (#5637)
  • 4f7156f configure and check trusted_hosts
  • 10bdf61 setting SERVER_NAME does not restrict routing for both subdomain_matching...
  • 4995a77 fix subdomain_matching=False behavior
  • Additional commits viewable in compare view

Updates numpy from 2.1.2 to 2.2.2

Release notes

Sourced from numpy's releases.

2.2.2 (Jan 18, 2025)

NumPy 2.2.2 Release Notes

NumPy 2.2.2 is a patch release that fixes bugs found after the 2.2.1 release. The number of typing fixes/updates is notable. This release supports Python versions 3.10-3.13.

Contributors

A total of 8 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

  • Alicia Boya García +
  • Charles Harris
  • Joren Hammudoglu
  • Kai Germaschewski +
  • Nathan Goldbaum
  • PTUsumit +
  • Rohit Goswami
  • Sebastian Berg

Pull requests merged

A total of 16 pull requests were merged for this release.

  • #28050: MAINT: Prepare 2.2.x for further development
  • #28055: TYP: fix void arrays not accepting str keys in __setitem__
  • #28066: TYP: fix unnecessarily broad integer binop return types (#28065)
  • #28112: TYP: Better ndarray binop return types for float64 &...
  • #28113: TYP: Return the correct bool from issubdtype
  • #28114: TYP: Always accept date[time] in the datetime64 constructor
  • #28120: BUG: Fix auxdata initialization in ufunc slow path
  • #28131: BUG: move reduction initialization to ufunc initialization
  • #28132: TYP: Fix interp to accept and return scalars
  • #28137: BUG: call PyType_Ready in f2py to avoid data races
  • #28145: BUG: remove unnecessary call to PyArray_UpdateFlags
  • #28160: BUG: Avoid data race in PyArray_CheckFromAny_int
  • #28175: BUG: Fix f2py directives and --lower casing
  • #28176: TYP: Fix overlapping overloads issue in 2->1 ufuncs
  • #28177: TYP: preserve shape-type in ndarray.astype()
  • #28178: TYP: Fix missing and spurious top-level exports

Checksums

MD5

749cb2adf8043551aae22bbf0ed3130a  numpy-2.2.2-cp310-cp310-macosx_10_9_x86_64.whl
bc79fa2e44316b7ce9bacb48a993ed91  numpy-2.2.2-cp310-cp310-macosx_11_0_arm64.whl
c6b2caa2bbb645b5950dccb77efb1dbb  numpy-2.2.2-cp310-cp310-macosx_14_0_arm64.whl
8c410efac169af880cacbbac8a731658  numpy-2.2.2-cp310-cp310-macosx_14_0_x86_64.whl

... (truncated)

Commits
  • fd8a68e Merge pull request #28184 from charris/prepare-2.2.2
  • 0d106a5 REL: Prepare for the NumPy 2.2.2 release [wheel build]
  • dfdd35a Merge pull request #28175 from charris/backport-28056
  • e4517a8 Merge pull request #28176 from charris/backport-28168
  • 2c0432b Merge pull request #28178 from charris/backport-28170
  • 2230a08 Merge pull request #28177 from charris/backport-28169
  • b04e32c TYP: Fix missing and spurious top-level exports
  • 6a5f537 TYP: preserve shape-type in ndarray.astype()
  • f782790 TYP: Fix overlapping overloads issue in 2->1 ufuncs
  • a19acf1 BUG: Fix casing for f2py directives
  • Additional commits viewable in compare view

Updates prometheus-client from 0.21.0 to 0.21.1

Release notes

Sourced from prometheus-client's releases.

0.21.1 / 2024-12-03

What's Changed

[BUGFIX] Revert incorrect use of reentrant locks. #1076

Commits

Updates protobuf from 5.28.2 to 5.29.3

Commits
  • b407e84 Updating version.json and repo version numbers to: 29.3
  • 9a5d2c3 Add .bazeliskrc for protobuf repo to tell bazelisk to use 7.1.2 by default. (...
  • 1dc5842 Fix cmake installation location of java and go features (#19773)
  • 8e7e6b0 Update artifact actions to v4 (#19703)
  • cbdc8ab Merge pull request #19719 from protocolbuffers/29.x-202412181411
  • 5621748 Updating version.json and repo version numbers to: 29.3-dev
  • 2330983 Updating version.json and repo version numbers to: 29.2
  • 1772657 Automated rollback of commit 23aada230b2478c7a07fe7612489eb8e79b9c379. (#19692)
  • 8b9d76c Export environment variables so bazelisk picks them up (#19690)
  • a1c9b6a Pin staleness check to Bazel 7 (#19689)
  • Additional commits viewable in compare view

Updates psutil from 6.1.0 to 6.1.1

Changelog

Sourced from psutil's changelog.

6.1.1

2024-12-19

Enhancements

  • 2471_: use Vulture CLI tool to detect dead code.

Bug fixes

  • 2418_, [Linux]: fix race condition in case /proc/PID/stat does not exist, but /proc/PID does, resulting in FileNotFoundError.
  • 2470_, [Linux]: users()_ may return "localhost" instead of the actual IP address of the user logged in.
Commits
  • 58552f6 Merge branch 'master' of github.com:giampaolo/psutil
  • 4ba6ad0 ruff: enable PLR5501 (Use elif instead of else then if, to reduce inden...
  • 1a63407 use a set literal when testing for membership
  • 8162905 disable flafy test + pre-release
  • 1f3458b try to fix some flaky tests 2
  • c0e1eb1 try to fix some flaky tests 2
  • 45934bb try to fix some flaky tests
  • 560c524 chore: bump cibuildwheel to 2.22.0, move to macos-13 (#2479)
  • b5ea67e fix winmake.py test-parallel
  • 13a336b fix #2418 / Linux: fix race condition
  • Additional commits viewable in compare view

Updates scikit-learn from 1.5.2 to 1.6.1

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.6.1

We're happy to announce the 1.6.1 release.

This release contains fixes for a few regressions introduced in 1.6.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.6.html#version-1-6-1

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Thanks to everyone who contributed to this release !

Scikit-learn 1.6.0

We're happy to announce the 1.6.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_6_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.6.html

This version supports Python versions 3.9 to 3.13 and features an experimental support of free-threaded CPython.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn
Commits
  • f159b78 trigger wheel builder [cd build]
  • 73cca70 generate changelog
  • afaa070 bump version
  • 1f43fd2 DOC: Updates to Macro vs micro-averaging in plot_roc.py (#29845)
  • ea8a725 🔒 🤖 CI Update lock files for main CI build(s) 🔒 🤖 (#30593)
  • bc291f1 🔒 🤖 CI Update lock files for scipy-dev CI build(s) 🔒 🤖 ...
  • f5f2b9c 🔒 🤖 CI Update lock files for free-threaded CI build(s) 🔒 :rob...
  • acbb862 TST Fix doctest due to GradientBoostingClassifier difference with scipy 1.15 ...
  • 42831e5 FIX warn if an estimator does have a concrete sklearn_tags implementation...
  • 0d2ce43 FIX change FutureWarnings to DeprecationWarnings for the tags (#30573)
  • Additional commits viewable in compare view

Updates scipy from 1.14.1 to 1.15.1

Release notes

Sourced from scipy's releases.

SciPy 1.15.1 Release Notes

SciPy 1.15.1 is a bug-fix release with no new features compared to 1.15.0. Importantly, an issue with the import of scipy.optimize breaking other packages has been fixed.

Authors

  • Name (commits)
  • Ralf Gommers (3)
  • Rohit Goswami (1)
  • Matt Haberland (2)
  • Tyler Reddy (7)
  • Daniel Schmitz (1)

A total of 5 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

SciPy 1.15.0 Release Notes

SciPy 1.15.0 is the culmination of 6 months of hard work. It contains many new features, numerous bug-fixes, improved test coverage and better documentation. There have been a number of deprecations and API changes in this release, which are documented below. All users are encouraged to upgrade to this release, as there are a large number of bug-fixes and optimizations. Before upgrading, we recommend that users check that their own code does not use deprecated SciPy functionality (to do so, run your code with python -Wd and check for DeprecationWarning s). Our development attention will now shift to bug-fix releases on the 1.15.x branch, and on adding new features on the main branch.

This release requires Python 3.10-3.13 and NumPy 1.23.5 or greater.

Highlights of this release

  • Sparse arrays are now fully functional for 1-D and 2-D arrays. We recommend that all new code use sparse arrays instead of sparse matrices and that developers start to migrate their existing code from sparse matrix to sparse array: migration_to_sparray. Both sparse.linalg and sparse.csgraph work with either sparse matrix or sparse array and work internally with sparse array.
  • Sparse arrays now provide basic support for n-D arrays in the COO format

... (truncated)

Commits
  • df134ea REL: 1.15.1 rel commit [wheel build]
  • f939c19 Merge pull request #22296 from tylerjereddy/treddy_1.15.1_backports
  • 609bb3c DOC: PR 22296 revisions
  • 5bfd6a2 TST: stats.Normal: bump tolerance on test of logcdf (#22276)
  • f9a549c DOC: update 1.15.1 relnotes
  • 6f011d8 MAINT: Update highs subproject commit
  • 0ff01de TST: fix thread safety issue in interpolate.bsplines memmap test
  • 21c65ab BLD: fix some issues with undeclared internal build dependencies
  • 826759e MAINT: fix url for array-api-extra git submodule
  • 9af1fcd Merge pull request #22235 from tylerjereddy/treddy_prep_1.15.1
  • Additional commits viewable in compare view

Updates werkzeug from 3.0.4 to 3.1.3

Release notes

Sourced from werkzeug's releases.

3.1.3

This is the Werkzeug 3.1.3 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.3/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-3 Milestone: https://github.com/pallets/werkzeug/milestone/41?closed=1

  • Initial data passed to MultiDict and similar interfaces only accepts list, tuple, or set when passing multiple values. It had been changed to accept any Collection, but this matched types that should be treated as single values, such as bytes. #2994
  • When the Host header is not set and Request.host falls back to the WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped in [] to match the Host header. #2993

3.1.2

This is the Werkzeug 3.1.2 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.2/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-2 Milestone: https://github.com/pallets/werkzeug/milestone/40?closed=1

  • Improve type annotation for TypeConversionDict.get to allow the type parameter to be a callable. #2988
  • Headers does not inherit from MutableMapping, as it is does not exactly match that interface. #2989

3.1.1

This is the Werkzeug 3.1.1 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes vs 3.1.0.

PyPI: https://pypi.org/project/Werkzeug/3.1.1/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-1 Milestone: https://github.com/pallets/werkzeug/milestone/38?closed=1

  • Fix an issue that caused str(Request.headers) to always appear empty. #2985

3.1.0

This is the Werkzeug 3.1.0 feature release. A feature release may include new features, remove previously deprecated code, add new deprecations, or introduce potentially breaking changes. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

PyPI: https://pypi.org/project/Werkzeug/3.1.0/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-1-0 Milestone: https://github.com/pallets/werkzeug/milestone/34?closed=1

  • Drop support for Python 3.8. #2966
  • Remove previously deprecated code. #2967
  • Request.max_form_memory_size defaults to 500kB instead of unlimited. Non-file form fields over this size will cause a RequestEntityTooLarge error. #2964
  • OrderedMultiDict and ImmutableOrderedMultiDict are deprecated. Use MultiDict and ImmutableMultiDict instead. #2968
  • Behavior of properties on request.cache_control and response.cache_control has been significantly adjusted.
    • Dict values are always str | None. Setting properties will convert the value to a string. Setting a property to False is equivalent to setting it to None. Getting typed properties will return None if conversion raises ValueError, rather than the string. #2980
    • max_age is None if present without a value, rather than -1. #2980
    • no_cache is a boolean for requests, it is True instead of "*" when present. It remains a string for responses. #2980
    • max_stale is True if present without a value, rather than "*". #2980
    • no_transform is a boolean. Previously it was mistakenly always None. #2881
    • min_fresh is None if present without a value, rather than "*". #2881
    • private is True if present without a value, rather than "*". #2980
    • Added the must_understand property. #2881
    • Added the stale_while_revalidate, and stale_if_error properties. #2948

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 3.1.3

Released 2024-11-08

  • Initial data passed to MultiDict and similar interfaces only accepts list, tuple, or set when passing multiple values. It had been changed to accept any Collection, but this matched types that should be treated as single values, such as bytes. :issue:2994
  • When the Host header is not set and Request.host falls back to the WSGI SERVER_NAME value, if that value is an IPv6 address it is wrapped in [] to match the Host header. :issue:2993

Version 3.1.2

Released 2024-11-04

  • Improve type annotation for TypeConversionDict.get to allow the type parameter to be a callable. :issue:2988
  • Headers does not inherit from MutableMapping, as it is does not exactly match that interface. :issue:2989

Version 3.1.1

Released 2024-11-01

  • Fix an issue that caused str(Request.headers) to always appear empty. :issue:2985

Version 3.1.0

Released 2024-10-31

  • Drop support for Python 3.8. :pr:2966

  • Remove previously deprecated code. :pr:2967

  • Request.max_form_memory_size defaults to 500kB instead of unlimited. Non-file form fields over this size will cause a RequestEntityTooLarge error. :issue:2964

  • OrderedMultiDict and ImmutableOrderedMultiDict are deprecated. Use MultiDict and ImmutableMultiDict instead. :issue:2968

  • Behavior of properties on request.cache_control and response.cache_control has been significantly adjusted.

    • Dict values are always str | None. Setting properties will convert

... (truncated)

Commits

Updates xgboost from 2.1.2 to 2.1.3

Release notes

Sourced from xgboost's releases.

2.1.3 Patch release

The 2.1.3 patch release makes the following bug fixes:

  • [pyspark] Support large model size (#10984).
  • Fix rng for the column sampler (#10998).
  • Handle cudf.pandas proxy objects properly (#11014).

Additional artifacts:

You can verify the downloaded packages by running the following command on your Unix shell:

echo "<hash> <artifact>" | shasum -a 256 --check
90b1b7b770803299b337dd9b9206760d9c16f418403c77acce74b350c6427667  xgboost-2.1.3.tar.gz
96b41da84769920408c5733d05fa2d56b53feeefd209e3d96842cf9c266e27ea  xgboost_r_gpu_linux_2.1.3.tar.gz

Experimental binary packages for R with CUDA enabled

  • xgboost_r_gpu_linux_2.1.3.tar.gz: Download

Source tarball

Commits

Updates boto3 from 1.35.43 to 1.36.11

Commits
  • 1f4efb9 Merge branch 'release-1.36.11'
  • c7543e5 Bumping version to 1.36.11
  • 18d8817 Add changelog entries from botocore
  • 7893a06 Merge branch 'release-1.36.10'
  • c5c634b Merge branch 'release-1.36.10' into develop
  • f147d86 Bumping version to 1.36.10
  • 07397a2 Add changelog entries from botocore
  • 6003754 Merge branch 'release-1.36.9'
  • 622fdef Merge branch 'release-1.36.9' into develop
  • 76e9059 Bumping version to 1.36.9
  • Additional commits viewable in compare view

Updates pymarkdownlnt from 0.9.22 to 0.9.26

Release notes

Sourced from pymarkdownlnt's releases.

Version 0.9.26 - Date: 2024-12-09

Progress continues on locating issues and addressing them, including four issues reported by users. As of this past weekend, (to the best of our knowledge) we have eliminated all fatal issues with Rule Md031 and its fix mode. While there are only three weeks left until the new year, we hope to make significant progress on Rule Md031's fix mode producing incorrect markdown. At the same time, we are starting to do research work into determining the best patterns for introducing new leaf elements in 2025. Our main goal is to provide thorough coverage without sacrificing proper testing. To that end, we will try and figure out and document the best approaches so we can use them for new leaf elements in 2025.

In addition to this work, make solid progress on addressing user issues as reported. And this might seem repetitive, but we continue to need our users to help us out. If you are scanning any Markdown documents and the results seem off, please file an issue. If you are starting to use our fix mode on your Markdown documents and there are issues, please file an issue. We appreciate any help that we can get to improve the project for everyone!

Added

  • Issue 810
    • Added fix mode for Rule Md012
  • Issue 1280
    • Added testing capability to save all single Markdown documents in a specified directory, then scanning them one at a time with PyMarkdown and each of the extensions enabled.

Fixed

  • Issue 1259
    • Fixed asserts and bad parsing from cases where containers are added and then a "raw" blank line removes all containers.
  • Issue 1263
    • Fixed issue where a new unordered list between two block quotes was not being recognized properly.
  • Issue 1270
    • Fixed issue with Md027 not reporting line numbers properly within anything except the first paragraph.
  • Issue 1272
    • Parsing of the FCB in certain cases was off, as was the text token containing the code block's text. Resulted in the columns being reported being indented less than expected.
  • Issue 1274
    • Fixed remaining assert issues, leaving fixes that produce valid Markdown, but not the intended Markdown.
  • Issue 1267
    • Fixed reported issue with task lists creating an error in Md018.
  • Issue 1268
    • Fixed issue with Md022 and pragmas, similar to Issue 1208.

Changed

Version 0.9.25 - Date: 2024-11-07

While it seems like we have been working on the fixing for Rule Md031 forever, that time is starting to come to an end. We have a solid list of what is left to test, and we are confident that we will finish it before the new year. (Hope we did not just jinx ourselves!) As with the last couple of releases, we are testing variations of containers, container starts, and container ends, all to ensure we have confidence that our test scenarios are thorough. At this point, we are very confident with any nesting of up to three containers, will our confidence for nesting scenarios of up to four containers at a high level as well. Following close behind that is our fix mode for Rule Md031 which is the stressor for the nested containers. We are not always happy that we started working on the fix mode for Rule Md031, but we are happy that it uncovered some issues in our parser that we could quickly fix.

But we continue to need our users to help us out. If you are scanning any Markdown documents and the results seem off, please file an issue. If you are starting to use our fix mode on your Markdown documents and there are issues, please file an issue. We appreciate any help that we can get to improve the project for everyone!

Added

  • Issue 1233
  • Issue 1234
  • Issue 1235
    • Adding more comprehensive "drop X" tests where multiple levels of containers are involved, and then dropping one or more of those containers in a single line.

Fixed

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

… updates

Bumps the github-actions group with 11 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [flask](https://github.com/pallets/flask) | `3.0.3` | `3.1.0` |
| [numpy](https://github.com/numpy/numpy) | `2.1.2` | `2.2.2` |
| [prometheus-client](https://github.com/prometheus/client_python) | `0.21.0` | `0.21.1` |
| [protobuf](https://github.com/protocolbuffers/protobuf) | `5.28.2` | `5.29.3` |
| [psutil](https://github.com/giampaolo/psutil) | `6.1.0` | `6.1.1` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.5.2` | `1.6.1` |
| [scipy](https://github.com/scipy/scipy) | `1.14.1` | `1.15.1` |
| [werkzeug](https://github.com/pallets/werkzeug) | `3.0.4` | `3.1.3` |
| [xgboost](https://github.com/dmlc/xgboost) | `2.1.2` | `2.1.3` |
| [boto3](https://github.com/boto/boto3) | `1.35.43` | `1.36.11` |
| [pymarkdownlnt](https://github.com/jackdewinter/pymarkdown) | `0.9.22` | `0.9.26` |



Updates `flask` from 3.0.3 to 3.1.0
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.0.3...3.1.0)

Updates `numpy` from 2.1.2 to 2.2.2
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v2.1.2...v2.2.2)

Updates `prometheus-client` from 0.21.0 to 0.21.1
- [Release notes](https://github.com/prometheus/client_python/releases)
- [Commits](prometheus/client_python@v0.21.0...v0.21.1)

Updates `protobuf` from 5.28.2 to 5.29.3
- [Release notes](https://github.com/protocolbuffers/protobuf/releases)
- [Changelog](https://github.com/protocolbuffers/protobuf/blob/main/protobuf_release.bzl)
- [Commits](protocolbuffers/protobuf@v5.28.2...v5.29.3)

Updates `psutil` from 6.1.0 to 6.1.1
- [Changelog](https://github.com/giampaolo/psutil/blob/master/HISTORY.rst)
- [Commits](giampaolo/psutil@release-6.1.0...release-6.1.1)

Updates `scikit-learn` from 1.5.2 to 1.6.1
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.5.2...1.6.1)

Updates `scipy` from 1.14.1 to 1.15.1
- [Release notes](https://github.com/scipy/scipy/releases)
- [Commits](scipy/scipy@v1.14.1...v1.15.1)

Updates `werkzeug` from 3.0.4 to 3.1.3
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.0.4...3.1.3)

Updates `xgboost` from 2.1.2 to 2.1.3
- [Release notes](https://github.com/dmlc/xgboost/releases)
- [Changelog](https://github.com/dmlc/xgboost/blob/master/NEWS.md)
- [Commits](dmlc/xgboost@v2.1.2...v2.1.3)

Updates `boto3` from 1.35.43 to 1.36.11
- [Release notes](https://github.com/boto/boto3/releases)
- [Commits](boto/boto3@1.35.43...1.36.11)

Updates `pymarkdownlnt` from 0.9.22 to 0.9.26
- [Release notes](https://github.com/jackdewinter/pymarkdown/releases)
- [Changelog](https://github.com/jackdewinter/pymarkdown/blob/main/changelog.md)
- [Commits](jackdewinter/pymarkdown@v0.9.22...v0.9.26)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: prometheus-client
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: protobuf
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: psutil
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: scikit-learn
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: scipy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: werkzeug
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: xgboost
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
- dependency-name: boto3
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions
- dependency-name: pymarkdownlnt
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: github-actions
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update Python code labels Feb 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

dependencies Pull requests that update a dependency file python Pull requests that update Python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants