build(deps): bump numexpr from 2.8.4 to 2.8.8

[dependabot]

Bumps numexpr from 2.8.4 to 2.8.8.

Changelog

Sourced from numexpr's changelog.

Changes from 2.8.8 to 2.8.9

* **Under development.**

Changes from 2.8.7 to 2.8.8

• Fix re_evaluate not taking global_dict as argument. Thanks to Teng Liu (@​27rabbitlt).

• Fix parsing of simple complex numbers. Now, ne.evaluate('1.5j') works. Thanks to Teng Liu (@​27rabbitlt).

• Fixes for upcoming NumPy 2.0:

  • Replace npy_cdouble with C++ complex. Thanks to Teng Liu (@​27rabbitlt).
  • Add NE_MAXARGS for future numpy change NPY_MAXARGS. Now it is set to 64 to match NumPy 2.0 value. Thanks to Teng Liu (@​27rabbitlt).

Changes from 2.8.6 to 2.8.7

• More permissive rules in sanitizing regular expression: allow to access digits after the . with scientific notation. Thanks to Thomas Vincent.

• Don't reject double underscores that are not at the start or end of a variable name (pandas uses those), or scientific-notation numbers with digits after the decimal point. Thanks to Rebecca Palmer.

• Do not use numpy.alltrue in the test suite, as it has been deprecated (replaced by numpy.all). Thanks to Rebecca Chen.

• Wheels for Python 3.12. Wheels for 3.7 and 3.8 are not generated anymore.

Changes from 2.8.5 to 2.8.6

• The sanitization can be turned off by default by setting an environment variable,

  set NUMEXPR_SANITIZE=0

• Improved behavior of the blacklist to avoid triggering on private variables and scientific notation numbers.

Commits

• 4eae454 Getting ready for release 2.8.8
• 153e5f8 Use larger arrays for benchs
• 619b122 Get rid of deprecated setuptools.config.read_configuration
• b829b35 Merge pull request #464 from 27rabbitlt/add_NE_MAXARGS
• aa8b704 add NE_MAXARGS for future numpy change NPY_MAXARGS
• 88ba205 Merge pull request #462 from 27rabbitlt/fix_dotj_forbidden_ctrl_char
• bf9d34a fix sanitizer forbid usage of \d+.\d*j
• 05bb401 Merge pull request #461 from 27rabbitlt/fix_numpy_complex
• 7767bc0 fix: replace npy_cdouble with C++ complex
• d0c5fc9 Merge pull request #457 from 27rabbitlt/fix_evaluate_global_dict
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)