Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Bump the pip group across 1 directory with 10 updates #381

Closed

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Nov 22, 2024

Bumps the pip group with 10 updates in the /RequirementsFiles directory:

Package From To
aiohttp 3.9.5 3.10.11
certifi 2024.2.2 2024.7.4
nltk 3.8.1 3.9
onnx 1.16.1 1.17.0
scikit-learn 1.4.2 1.5.0
urllib3 2.2.1 2.2.2
waitress 3.0.0 3.0.1
werkzeug 3.0.2 3.0.6
zipp 3.18.1 3.19.1
tornado 6.4.1 6.4.2

Updates aiohttp from 3.9.5 to 3.10.11

Release notes

Sourced from aiohttp's releases.

3.10.11

Bug fixes

  • Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:PLPeeters.

    Related issues and pull requests on GitHub: #9436.

  • Fixed :py:meth:WebSocketResponse.close() <aiohttp.web.WebSocketResponse.close> to discard non-close messages within its timeout window after sending close -- by :user:lenard-mosys.

    Related issues and pull requests on GitHub: #9506.

  • Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:bdraco.

    The connector was not cancellation-safe.

    Related issues and pull requests on GitHub: #9670, #9671.

  • Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:bdraco.

    Related issues and pull requests on GitHub: #9686.

  • Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:bdraco.

    Related issues and pull requests on GitHub: #9851.

  • Fixed system routes polluting the middleware cache -- by :user:bdraco.

    Related issues and pull requests on GitHub:

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.11 (2024-11-13)

Bug fixes

  • Authentication provided by a redirect now takes precedence over provided auth when making requests with the client -- by :user:PLPeeters.

    Related issues and pull requests on GitHub: :issue:9436.

  • Fixed :py:meth:WebSocketResponse.close() <aiohttp.web.WebSocketResponse.close> to discard non-close messages within its timeout window after sending close -- by :user:lenard-mosys.

    Related issues and pull requests on GitHub: :issue:9506.

  • Fixed a deadlock that could occur while attempting to get a new connection slot after a timeout -- by :user:bdraco.

    The connector was not cancellation-safe.

    Related issues and pull requests on GitHub: :issue:9670, :issue:9671.

  • Fixed the WebSocket flow control calculation undercounting with multi-byte data -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:9686.

  • Fixed incorrect parsing of chunk extensions with the pure Python parser -- by :user:bdraco.

    Related issues and pull requests on GitHub: :issue:9851.

  • Fixed system routes polluting the middleware cache -- by :user:bdraco.

... (truncated)

Commits
  • 3e09325 Remove 3.10.11rc0 from 3.10 changelog (#9858)
  • beb7b74 Release 3.10.11 (#9857)
  • 259edc3 [PR #9851/541d86d backport][3.10] Fix incorrect parsing of chunk extensions w...
  • bc15db6 [PR #9852/249855a backport][3.10] Fix system routes polluting the middleware ...
  • 158bf30 Release 3.10.11rc0 (#9848)
  • e5917cd [PR #9844/fabf3884 backport][3.10] Fix compressed get request benchmark paylo...
  • 68a1f42 [PR #9840/cc5fa316 backport][3.10] Add benchmark for sending compressed paylo...
  • 4f4b90f [PR #9835/32ccfc9a backport][3.10] Adjust client payload benchmarks to better...
  • f3dd0f9 [PR #9832/006f4070 backport][3.10] Increase allowed import time for Python 3....
  • f2aab2e [PR #9827/14fcfd4c backport][3.10] Adjust client GET read benchmarks to inclu...
  • Additional commits viewable in compare view

Updates certifi from 2024.2.2 to 2024.7.4

Commits

Updates nltk from 3.8.1 to 3.9

Changelog

Sourced from nltk's changelog.

Version 3.9.1 2024-08-19

  • Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

  • Fix security vulnerability CVE-2024-39705 (breaking change)
  • Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
  • No longer sort Wordnet synsets and relations (sort in calling function when required)
  • Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
  • Add Python 3.12 support
  • Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

  • Resolve RCE vulnerability in localhost WordNet Browser (#3100)
  • Remove unused tool scripts (#3099)
  • Resolve XSS vulnerability in localhost WordNet Browser (#3096)
  • Add Python 3.11 support (#3090)

Thanks to the following contributors to 3.8.1: Francis Bond, John Vandenberg, Tom Aarsen

Version 3.8 2022-12-12

  • Refactor dispersion plot (#3082)
  • Provide type hints for LazyCorpusLoader variables (#3081)
  • Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080)
  • Fix WordNet's all_synsets() function (#3078)
  • Resolve TreebankWordDetokenizer inconsistency with end-of-string contractions (#3070)
  • Support both iso639-3 codes and BCP-47 language tags (#3060)
  • Avoid DeprecationWarning in Regexp tokenizer (#3055)
  • Fix many doctests, add doctests to CI (#3054, #3050, #3048)
  • Fix bool field not being read in VerbNet (#3044)
  • Greatly improve time efficiency of SyllableTokenizer when tokenizing numbers (#3042)
  • Fix encodings of Polish udhr corpus reader (#3038)
  • Allow TweetTokenizer to tokenize emoji flag sequences (#3034)
  • Prevent LazyModule from increasing the size of nltk.dict (#3033)
  • Fix CoreNLPServer non-default port issue (#3031)
  • Add "acion" suffix to the Spanish SnowballStemmer (#3030)
  • Allow loading WordNet without OMW (#3026)
  • Use input() in nltk.chat.chatbot() for Jupyter support (#3022)
  • Fix edit_distance_align() in distance.py (#3017)
  • Tackle performance and accuracy regression of sentence tokenizer since NLTK 3.6.6 (#3014)
  • Add the Iota operator to semantic logic (#3010)
  • Resolve critical errors in WordNet app (#3008)
  • Resolve critical error in CHILDES Corpus (#2998)
  • Make WordNet information_content() accept adjective satellites (#2995)

... (truncated)

Commits

Updates onnx from 1.16.1 to 1.17.0

Release notes

Sourced from onnx's releases.

v1.17.0

ONNX v1.17.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

Key Updates

ai.onnx Opset 22

Python Changes

  • Support for numpy >= 2.0

Bug fixes and infrastructure improvements

  • Fix Check URLs errors 5972
  • Use CMAKE_PREFIX_PATH in finding libprotobuf 5975
  • Bump main VERSION_NUMBER to 1.17.0 5968
  • Fix source and pip tar.gz builds on s390x systems 5984
  • Fix unique_name 5992
  • Fix SegFault bug in shape inference 5990
  • Fix onnx.compose when connecting subgraphs 5991
  • Fix conversion from split 11 to split 18 6020
  • Update error messages for NegativeLogLikelihoodLoss inference function 6021
  • Generalize input/output number check in shape inference 6005
  • Replace rank inference with shape inference for Einsum op 6010
  • build from source instruction with latest cmake change 6038
  • Handle OneHot's depth value during shape inference 5963
  • Not to install cmake in pyproject.toml on Windows 6045
  • fix a skipped shape infer code 6049
  • Include the ".onnxtext" extension in supported serialization format 6051
  • Allow ReferenceEvaluator to return intermediate results 6066
  • Fix 1 typo in numpy_helper.py 6041
  • Remove benchmarking code 6076
  • Prevent crash on import after GCC 8 builds 6048
  • Check graph outputs are defined 6083
  • Enable additional ruff rules 6032
  • Add missing shape inference check for DequantizeLinear 6080
  • Add bfloat16 to all relevant ops 6099
  • fix(ci): install python dependencies with --only-binary :all: in manylinux 6120
  • fix: install google-re2 with --only-binary option 6129
  • Specify axis parameter for DequantizeLinear when input rank is 1 6095
  • Pin onnxruntime to 1.17.3 for release CIs 6143
  • Fix INT4 TensorProto byte size is 5x larger than expected with negative values 6161
  • Mitigate tarball directory traversal risks 6164
  • Fix reference implementation for ScatterND with 4D tensors 6174
  • Addition of group > 1 in test and in backend for ConvTranspose 6175
  • Support for bfloat16 for binary, unary operators in reference implementation 6166
  • Refactor windows workflow to work on standard windows 6190
  • Fix a few crashes while running shape inference 6195
  • Update onnx to work with numpy>=2.0 6196
  • Use sets to improve performance of dfs search 6213

... (truncated)

Commits

Updates scikit-learn from 1.4.2 to 1.5.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.5.0

We're happy to announce the 1.5.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.5.html

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn
Commits

Updates urllib3 from 2.2.1 to 2.2.2

Release notes

Sourced from urllib3's releases.

2.2.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
  • Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. (#3122)
  • Fixed return types representing copying actions to use typing.Self. (#3363)

Full Changelog: urllib3/urllib3@2.2.1...2.2.2

Changelog

Sourced from urllib3's changelog.

2.2.2 (2024-06-17)

  • Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
  • Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. ([#3122](https://github.com/urllib3/urllib3/issues/3122) <https://github.com/urllib3/urllib3/issues/3122>__)
  • Fixed return types representing copying actions to use typing.Self. ([#3363](https://github.com/urllib3/urllib3/issues/3363) <https://github.com/urllib3/urllib3/issues/3363>__)
Commits

Updates waitress from 3.0.0 to 3.0.1

Release notes

Sourced from waitress's releases.

v3.0.1

3.0.1 (2024-10-28)

Backward Incompatibilities

Features

Security

  • Fix a bug that would lead to Waitress busy looping on select() on a half-open socket due to a race condition that existed when creating a new HTTPChannel. See Pylons/waitress#435, Pylons/waitress#418 and GHSA-3f84-rpwh-47g6

    With thanks to Dylan Jay and Dieter Maurer for their extensive debugging and helping track this down.

  • No longer strip the header values before passing them to the WSGI environ. See Pylons/waitress#434 and Pylons/waitress#432

  • Fix a race condition in Waitress when channel_request_lookahead is enabled that could lead to HTTP request smuggling.

    See GHSA-9298-4cf8-g4wj

Changelog

Sourced from waitress's changelog.

3.0.1 (2024-10-28)

Backward Incompatibilities


- Python 3.8 is no longer supported.
  See https://github.com/Pylons/waitress/pull/445.

Features


- Added support for Python 3.13.
  See https://github.com/Pylons/waitress/pull/445.

Security

  • Fix a bug that would lead to Waitress busy looping on select() on a half-open
    socket due to a race condition that existed when creating a new HTTPChannel.
    See Pylons/waitress#435,
    Pylons/waitress#418 and
    GHSA-3f84-rpwh-47g6

    With thanks to Dylan Jay and Dieter Maurer for their extensive debugging and
    helping track this down.

  • No longer strip the header values before passing them to the WSGI environ.
    See Pylons/waitress#434 and
    Pylons/waitress#432

  • Fix a race condition in Waitress when channel_request_lookahead is enabled
    that could lead to HTTP request smuggling.

    See GHSA-9298-4cf8-g4wj

Commits
  • ae949bb Ready for 3.0.1
  • e435901 Merge commit from fork
  • 810a435 Add documentation for channel_request_lookahead
  • f4ba1c2 Fix a race condition on recv_bytes boundary when request is invalid
  • 7e7f11e Add a new test to validate the lookahead race condition
  • 6943dcf Make DummySock() look more like an actual socket
  • fdd2ecf Merge pull request #445 from Pylons/feature/support-py-3-13
  • dcd18e7 Update exclude matrix
  • 4633ea6 Drop Python 3.8 and add Python 3.13
  • 4584936 Merge pull request #440 from Pylons/fix/ci
  • Additional commits viewable in compare view

Updates werkzeug from 3.0.2 to 3.0.6

Release notes

Sourced from werkzeug's releases.

3.0.6

This is the Werkzeug 3.0.6 security fix release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.6/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-6

  • Fix how max_form_memory_size is applied when parsing large non-file fields. GHSA-q34m-jh98-gwm2
  • safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. GHSA-f9vj-2wh5-fj8j

3.0.5

This is the Werkzeug 3.0.5 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.5/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-5 Milestone: https://github.com/pallets/werkzeug/milestone/37?closed=1

  • The Watchdog reloader ignores file closed no write events. #2945
  • Logging works with client addresses containing an IPv6 scope. #2952
  • Ignore invalid authorization parameters. #2955
  • Improve type annotation fore SharedDataMiddleware. #2958
  • Compatibility with Python 3.13 when generating debugger pin and the current UID does not have an associated name. #2957

3.0.4

This is the Werkzeug 3.0.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.4/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-4 Milestone: https://github.com/pallets/werkzeug/milestone/36?closed=1

  • Restore behavior where parsing multipart/x-www-form-urlencoded data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. #2930
  • Improve parse_options_header performance when parsing unterminated quoted string values. #2904
  • Debugger pin auth is synchronized across threads/processes when tracking failed entries. #2916
  • Dev server handles unexpected SSLEOFError due to issue in Python < 3.13. #2926
  • Debugger pin auth works when the URL already contains a query string. #2918

3.0.3

This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.3/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1

  • Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985
  • Make reloader more robust when "" is in sys.path. #2823

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 3.0.6

Released 2024-10-25

  • Fix how max_form_memory_size is applied when parsing large non-file fields. :ghsa:q34m-jh98-gwm2
  • safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. :ghsa:f9vj-2wh5-fj8j

Version 3.0.5

Released 2024-10-24

  • The Watchdog reloader ignores file closed no write events. :issue:2945
  • Logging works with client addresses containing an IPv6 scope :issue:2952
  • Ignore invalid authorization parameters. :issue:2955
  • Improve type annotation fore SharedDataMiddleware. :issue:2958
  • Compatibility with Python 3.13 when generating debugger pin and the current UID does not have an associated name. :issue:2957

Version 3.0.4

Released 2024-08-21

  • Restore behavior where parsing multipart/x-www-form-urlencoded data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. :issue:2930
  • Improve parse_options_header performance when parsing unterminated quoted string values. :issue:2904
  • Debugger pin auth is synchronized across threads/processes when tracking failed entries. :issue:2916
  • Dev server handles unexpected SSLEOFError due to issue in Python < 3.13. :issue:2926
  • Debugger pin auth works when the URL already contains a query string. :issue:2918

Version 3.0.3

Released 2024-05-05

  • Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger

... (truncated)

Commits

Updates zipp from 3.18.1 to 3.19.1

Changelog

Sourced from zipp's changelog.

v3.19.1

Bugfixes

  • Improved handling of malformed zip files. (#119)

v3.19.0

Features

  • Implement is_symlink. (#117)

v3.18.2

No significant changes.

Commits

Updates tornado from 6.4.1 to 6.4.2

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1 releases/v3.1.0 releases/v3.0.2 releases/v3.0.1 releases/v3.0.0 releases/v2.4.1 releases/v2.4.0

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

Bumps the pip group with 10 updates in the /RequirementsFiles directory:

| Package | From | To |
| --- | --- | --- |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.9.5` | `3.10.11` |
| [certifi](https://github.com/certifi/python-certifi) | `2024.2.2` | `2024.7.4` |
| [nltk](https://github.com/nltk/nltk) | `3.8.1` | `3.9` |
| [onnx](https://github.com/onnx/onnx) | `1.16.1` | `1.17.0` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.4.2` | `1.5.0` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.2.1` | `2.2.2` |
| [waitress](https://github.com/Pylons/waitress) | `3.0.0` | `3.0.1` |
| [werkzeug](https://github.com/pallets/werkzeug) | `3.0.2` | `3.0.6` |
| [zipp](https://github.com/jaraco/zipp) | `3.18.1` | `3.19.1` |
| [tornado](https://github.com/tornadoweb/tornado) | `6.4.1` | `6.4.2` |



Updates `aiohttp` from 3.9.5 to 3.10.11
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.9.5...v3.10.11)

Updates `certifi` from 2024.2.2 to 2024.7.4
- [Commits](certifi/python-certifi@2024.02.02...2024.07.04)

Updates `nltk` from 3.8.1 to 3.9
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.8.1...3.9)

Updates `onnx` from 1.16.1 to 1.17.0
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](onnx/onnx@v1.16.1...v1.17.0)

Updates `scikit-learn` from 1.4.2 to 1.5.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.4.2...1.5.0)

Updates `urllib3` from 2.2.1 to 2.2.2
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.2.1...2.2.2)

Updates `waitress` from 3.0.0 to 3.0.1
- [Release notes](https://github.com/Pylons/waitress/releases)
- [Changelog](https://github.com/Pylons/waitress/blob/main/CHANGES.txt)
- [Commits](Pylons/waitress@v3.0.0...v3.0.1)

Updates `werkzeug` from 3.0.2 to 3.0.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.0.2...3.0.6)

Updates `zipp` from 3.18.1 to 3.19.1
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.18.1...v3.19.1)

Updates `tornado` from 6.4.1 to 6.4.2
- [Changelog](https://github.com/tornadoweb/tornado/blob/v6.4.2/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.4.1...v6.4.2)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: certifi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: nltk
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: onnx
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: waitress
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: zipp
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tornado
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Nov 22, 2024
Copy link

Hello @dependabot[bot], 👋 Thank you for creating a pull request in our repository. We appreciate your contribution!

@Dartvauder Dartvauder closed this Nov 27, 2024
@Dartvauder Dartvauder deleted the dependabot/pip/RequirementsFiles/pip-31967ef208 branch November 27, 2024 21:30
Copy link
Author

dependabot bot commented on behalf of github Nov 27, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
AnyChange dependencies Pull requests that update a dependency file
Projects
None yet
Development

Successfully merging this pull request may close these issues.

1 participant