Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

build(deps): bump the pip group across 1 directory with 22 updates #15

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): bump the pip group across 1 directory with 22 updates #15

wants to merge 1 commit into from
+144 −174

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Feb 24, 2025

Bumps the pip group with 22 updates in the / directory:

Package From To
certifi 2022.9.24 2024.7.4
farm-haystack 1.10.0 1.15.1
flask 2.2.2 2.2.5
gitpython 3.1.29 3.1.41
idna 3.4 3.7
ipython 8.6.0 8.18.0
jinja2 3.1.2 3.1.5
mlflow 1.30.0 2.16.0
nltk 3.7 3.9
pillow 9.3.0 10.3.0
pyarrow 7.0.0 14.0.1
pydantic 1.10.2 1.10.13
redis 4.3.4 5.2.1
requests 2.28.1 2.32.2
scikit-learn 1.1.3 1.5.0
sqlparse 0.4.3 0.5.0
streamlit 1.14.0 1.37.0
tornado 6.2 6.4.2
tqdm 4.64.1 4.66.3
urllib3 1.26.12 1.26.19
werkzeug 2.2.2 3.0.6
zipp 3.10.0 3.19.1

Updates certifi from 2022.9.24 to 2024.7.4

Commits

Updates farm-haystack from 1.10.0 to 1.15.1

Commits

Updates flask from 2.2.2 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

2.2.4

This is a fix release for the 2.2.x release branch.

2.2.3

This is a fix release for the 2.2.x release branch.

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

  • Autoescape is enabled by default for .svg template files. :issue:4831
  • Fix the type of template_folder to accept pathlib.Path. :issue:4892
  • Add --debug option to the flask run command. :issue:4777
Commits

Updates gitpython from 3.1.29 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @​EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

... (truncated)

Commits
  • f288738 bump patch level
  • ef3192c Merge pull request #1792 from EliahKagan/popen
  • 1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
  • 3eb7c2a Move safer_popen from git.util to git.cmd
  • c551e91 Extract shared logic for using Popen safely on Windows
  • 15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
  • f44524a Avoid spurious "location may have moved" on Windows
  • a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
  • 7751436 Extract venv management from test_installation
  • 66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
  • Additional commits viewable in compare view

Updates idna from 3.4 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

  • Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

  • Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

  • Update to Unicode 15.1.0
  • String codec name is now "idna2008" as overriding the system codec "idna" was not working.
  • Fix typing error for codec encoding
  • "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
  • Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
  • Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits
  • 1d365e1 Release v3.7
  • c1b3154 Merge pull request #172 from kjd/optimize-contextj
  • 0394ec7 Merge branch 'master' into optimize-contextj
  • cd58a23 Merge pull request #152 from elliotwutingfeng/dev
  • 5beb28b More efficient resolution of joiner contexts
  • 1b12148 Update ossf/scorecard-action to v2.3.1
  • d516b87 Update Github actions/checkout to v4
  • c095c75 Merge branch 'master' into dev
  • 60a0a4c Fix typo in GitHub Actions workflow key
  • 5918a0e Merge branch 'master' into dev
  • Additional commits viewable in compare view

Updates ipython from 8.6.0 to 8.18.0

Commits

Updates jinja2 from 3.1.2 to 3.1.5

Release notes

Sourced from jinja2's releases.

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. #2032
  • Calling sync render for an async template uses asyncio.run. #1952
  • Avoid unclosed auto_aiter warnings. #1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. #1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. #1960
  • The runtime uses the correct concat function for the current environment when calling block references. #1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
  • |int filter handles OverflowError from scientific notation. #1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
  • Fix copy/pickle support for the internal missing object. #2027
  • Environment.overlay(enable_async) is applied correctly. #2061
  • The error message from FileSystemLoader includes the paths that were searched. #1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
  • Improve annotations for methods returning copies. #1880
  • urlize does not add mailto: to values like @a@b. #1870
  • Tests decorated with @pass_context can be used with the |select filter. #1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

Changelog

Sourced from jinja2's changelog.

Version 3.1.5

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
  • Calling sync render for an async template uses asyncio.run. :pr:1952
  • Avoid unclosed auto_aiter warnings. :pr:1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
  • The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
  • |int filter handles OverflowError from scientific notation. :issue:1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
  • Fix copy/pickle support for the internal missing object. :issue:2027
  • Environment.overlay(enable_async) is applied correctly. :pr:2061
  • The error message from FileSystemLoader includes the paths that were searched. :issue:1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
  • Improve annotations for methods returning copies. :pr:1880
  • urlize does not add mailto: to values like @a@b. :pr:1870
  • Tests decorated with @pass_context`` can be used with the ``|select`` filter. :issue:1624`
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. :issue:1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. :issue:1253

... (truncated)

Commits
  • 877f6e5 release version 3.1.5
  • 8d58859 remove test pypi
  • eda8fe8 update dev dependencies
  • c8fdce1 Fix bug involving calling set on a template parameter within all branches of ...
  • 66587ce Fix bug where set would sometimes fail within if
  • fbc3a69 Add support for namespaces in tuple parsing (#1664)
  • b8f4831 more comments about nsref assignment
  • ee83219 Add support for namespaces in tuple assignment
  • 1d55cdd Triple quotes in docs (#2064)
  • 8a8eafc edit block assignment section
  • Additional commits viewable in compare view

Updates mlflow from 1.30.0 to 2.16.0

Release notes

Sourced from mlflow's releases.

MLflow 2.16.0

We are excited to announce the release of MLflow 2.16.0. This release includes many major features and improvements!

Major features:

  • LlamaIndex Enhancements🦙 - to provide additional flexibility to the LlamaIndex integration, we now have support for the models-from-code functionality for logging, extended engine-based logging, and broadened support for external vector stores.

  • LangGraph Support - We've expanded the LangChain integration to support the agent framework LangGraph. With tracing and support for logging using the models-from-code feature, creating and storing agent applications has never been easier!

  • AutoGen Tracing - Full automatic support for tracing multi-turn agent applications built with Microsoft's AutoGen framework is now available in MLflow. Enabling autologging via mlflow.autogen.autolog() will instrument your agents built with AutoGen.

  • Plugin support for AI Gateway - You can now define your own provider interfaces that will work with MLflow's AI Gateway (also known as the MLflow Deployments Server). Creating an installable provider definition will allow you to connect the Gateway server to any GenAI service of your choosing.

Features:

  • [UI] Add updated deployment usage examples to the MLflow artifact viewer (#13024, @​serena-ruan, @​daniellok-db)
  • [Models] Support logging LangGraph applications via the models-from-code feature (#12996, @​B-Step62)
  • [Models] Extend automatic authorization pass-through support for Langgraph agents (#13001, @​aravind-segu)
  • [Models] Expand the support for LangChain application logging to include UCFunctionToolkit dependencies (#12966, @​aravind-segu)
  • [Models] Support saving LlamaIndex engine directly via the models-from-code feature (#12978, @​B-Step62)
  • [Models] Support models-from-code within the LlamaIndex flavor (#12944, @​B-Step62)
  • [Models] Remove the data structure conversion of input examples to ensure enhanced compatibility with inference signatures (#12782, @​serena-ruan)
  • [Models] Add the ability to retrieve the underlying model object from within pyfunc model wrappers (#12814, @​serena-ruan)
  • [Models] Add spark vector UDT type support for model signatures (#12758, @​WeichenXu123)
  • [Tracing] Add tracing support for AutoGen (#12913, @​B-Step62)
  • [Tracing] Reduce the latency overhead for tracing (#12885, @​B-Step62)
  • [Tracing] Add Async support for the trace decorator (#12877, @​MPKonst)
  • [Deployments] Introduce a plugin provider system to the AI Gateway (Deployments Server) (#12611, @​gabrielfu)
  • [Projects] Add support for parameter submission to MLflow Projects run in Databricks (#12854, @​WeichenXu123)
  • [Model Registry] Introduce support for Open Source Unity Catalog as a model registry service (#12888, @​artjen)

Bug fixes:

Documentation updates:

... (truncated)

Changelog

Sourced from mlflow's changelog.

2.16.0 (2024-08-30)

We are excited to announce the release of MLflow 2.16.0. This release includes many major features and improvements!

Major features:

  • LlamaIndex Enhancements🦙 - to provide additional flexibility to the LlamaIndex integration, we now have support for the models-from-code functionality for logging, extended engine-based logging, and broadened support for external vector stores.

  • LangGraph Support - We've expanded the LangChain integration to support the agent framework LangGraph. With tracing and support for logging using the models-from-code feature, creating and storing agent applications has never been easier!

  • AutoGen Tracing - Full automatic support for tracing multi-turn agent applications built with Microsoft's AutoGen framework is now available in MLflow. Enabling autologging via mlflow.autogen.autolog() will instrument your agents built with AutoGen.

  • Plugin support for AI Gateway - You can now define your own provider interfaces that will work with MLflow's AI Gateway (also known as the MLflow Deployments Server). Creating an installable provider definition will allow you to connect the Gateway server to any GenAI service of your choosing.

Features:

  • [UI] Add updated deployment usage examples to the MLflow artifact viewer (#13024, @​serena-ruan, @​daniellok-db)
  • [Models] Support logging LangGraph applications via the models-from-code feature (#12996, @​B-Step62)
  • [Models] Extend automatic authorization pass-through support for Langgraph agents (#13001, @​aravind-segu)
  • [Models] Expand the support for LangChain application logging to include UCFunctionToolkit dependencies (#12966, @​aravind-segu)
  • [Models] Support saving LlamaIndex engine directly via the models-from-code feature (#12978, @​B-Step62)
  • [Models] Support models-from-code within the LlamaIndex flavor (#12944, @​B-Step62)
  • [Models] Remove the data structure conversion of input examples to ensure enhanced compatibility with inference signatures (#12782, @​serena-ruan)
  • [Models] Add the ability to retrieve the underlying model object from within pyfunc model wrappers (#12814, @​serena-ruan)
  • [Models] Add spark vector UDT type support for model signatures (#12758, @​WeichenXu123)
  • [Tracing] Add tracing support for AutoGen (#12913, @​B-Step62)
  • [Tracing] Reduce the latency overhead for tracing (#12885, @​B-Step62)
  • [Tracing] Add Async support for the trace decorator (#12877, @​MPKonst)
  • [Deployments] Introduce a plugin provider system to the AI Gateway (Deployments Server) (#12611, @​gabrielfu)
  • [Projects] Add support for parameter submission to MLflow Projects run in Databricks (#12854, @​WeichenXu123)
  • [Model Registry] Introduce support for Open Source Unity Catalog as a model registry service (#12888, @​artjen)

Bug fixes:

Documentation updates:

... (truncated)

Commits

Updates nltk from 3.7 to 3.9

Changelog

Sourced from nltk's changelog.

Version 3.9.1 2024-08-19

  • Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

  • Fix security vulnerability CVE-2024-39705 (breaking change)
  • Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
  • No longer sort Wordnet synsets and relations (sort in calling function when required)
  • Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
  • Add Python 3.12 support
  • Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

  • Resolve RCE vulnerability in localhost WordNet Browser (#3100)
  • Remove unused tool scripts (#3099)
  • Resolve XSS vulnerability in localhost WordNet Browser (#3096)
  • Add Python 3.11 support (#3090)

Thanks to the following contributors to 3.8.1: Francis Bond, John Vandenberg, Tom Aarsen

Version 3.8 2022-12-12

  • Refactor dispersion plot (#3082)
  • Provide type hints for LazyCorpusLoader variables (#3081)
  • Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080)
  • Fix WordNet's all_synsets() function (

@dependabot
build(deps): bump the pip group across 1 directory with 22 updates
e139c55 
Bumps the pip group with 22 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2022.9.24` | `2024.7.4` |
| [farm-haystack](https://github.com/deepset-ai/haystack) | `1.10.0` | `1.15.1` |
| [flask](https://github.com/pallets/flask) | `2.2.2` | `2.2.5` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.29` | `3.1.41` |
| [idna](https://github.com/kjd/idna) | `3.4` | `3.7` |
| [ipython](https://github.com/ipython/ipython) | `8.6.0` | `8.18.0` |
| [jinja2](https://github.com/pallets/jinja) | `3.1.2` | `3.1.5` |
| [mlflow](https://github.com/mlflow/mlflow) | `1.30.0` | `2.16.0` |
| [nltk](https://github.com/nltk/nltk) | `3.7` | `3.9` |
| [pillow](https://github.com/python-pillow/Pillow) | `9.3.0` | `10.3.0` |
| [pyarrow](https://github.com/apache/arrow) | `7.0.0` | `14.0.1` |
| [pydantic](https://github.com/pydantic/pydantic) | `1.10.2` | `1.10.13` |
| [redis](https://github.com/redis/redis-py) | `4.3.4` | `5.2.1` |
| [requests](https://github.com/psf/requests) | `2.28.1` | `2.32.2` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `1.1.3` | `1.5.0` |
| [sqlparse](https://github.com/andialbrecht/sqlparse) | `0.4.3` | `0.5.0` |
| [streamlit](https://github.com/streamlit/streamlit) | `1.14.0` | `1.37.0` |
| [tornado](https://github.com/tornadoweb/tornado) | `6.2` | `6.4.2` |
| [tqdm](https://github.com/tqdm/tqdm) | `4.64.1` | `4.66.3` |
| [urllib3](https://github.com/urllib3/urllib3) | `1.26.12` | `1.26.19` |
| [werkzeug](https://github.com/pallets/werkzeug) | `2.2.2` | `3.0.6` |
| [zipp](https://github.com/jaraco/zipp) | `3.10.0` | `3.19.1` |



Updates `certifi` from 2022.9.24 to 2024.7.4
- [Commits](certifi/python-certifi@2022.09.24...2024.07.04)

Updates `farm-haystack` from 1.10.0 to 1.15.1
- [Release notes](https://github.com/deepset-ai/haystack/releases)
- [Commits](deepset-ai/haystack@v1.10.0...v1.15.1)

Updates `flask` from 2.2.2 to 2.2.5
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@2.2.2...2.2.5)

Updates `gitpython` from 3.1.29 to 3.1.41
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.29...3.1.41)

Updates `idna` from 3.4 to 3.7
- [Release notes](https://github.com/kjd/idna/releases)
- [Changelog](https://github.com/kjd/idna/blob/master/HISTORY.rst)
- [Commits](kjd/idna@v3.4...v3.7)

Updates `ipython` from 8.6.0 to 8.18.0
- [Release notes](https://github.com/ipython/ipython/releases)
- [Commits](ipython/ipython@8.6.0...8.18.0)

Updates `jinja2` from 3.1.2 to 3.1.5
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.2...3.1.5)

Updates `mlflow` from 1.30.0 to 2.16.0
- [Release notes](https://github.com/mlflow/mlflow/releases)
- [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md)
- [Commits](mlflow/mlflow@v1.30.0...v2.16.0)

Updates `nltk` from 3.7 to 3.9
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.7...3.9)

Updates `pillow` from 9.3.0 to 10.3.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@9.3.0...10.3.0)

Updates `pyarrow` from 7.0.0 to 14.0.1
- [Release notes](https://github.com/apache/arrow/releases)
- [Commits](apache/arrow@go/v7.0.0...go/v14.0.1)

Updates `pydantic` from 1.10.2 to 1.10.13
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v1.10.2...v1.10.13)

Updates `redis` from 4.3.4 to 5.2.1
- [Release notes](https://github.com/redis/redis-py/releases)
- [Changelog](https://github.com/redis/redis-py/blob/master/CHANGES)
- [Commits](redis/redis-py@v4.3.4...v5.2.1)

Updates `requests` from 2.28.1 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.28.1...v2.32.2)

Updates `scikit-learn` from 1.1.3 to 1.5.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@1.1.3...1.5.0)

Updates `sqlparse` from 0.4.3 to 0.5.0
- [Changelog](https://github.com/andialbrecht/sqlparse/blob/master/CHANGELOG)
- [Commits](andialbrecht/sqlparse@0.4.3...0.5.0)

Updates `streamlit` from 1.14.0 to 1.37.0
- [Release notes](https://github.com/streamlit/streamlit/releases)
- [Commits](streamlit/streamlit@1.14.0...1.37.0)

Updates `tornado` from 6.2 to 6.4.2
- [Changelog](https://github.com/tornadoweb/tornado/blob/v6.4.2/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.2.0...v6.4.2)

Updates `tqdm` from 4.64.1 to 4.66.3
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.64.1...v4.66.3)

Updates `urllib3` from 1.26.12 to 1.26.19
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@1.26.12...1.26.19)

Updates `werkzeug` from 2.2.2 to 3.0.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@2.2.2...3.0.6)

Updates `zipp` from 3.10.0 to 3.19.1
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.10.0...v3.19.1)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: indirect
  dependency-group: pip
- dependency-name: farm-haystack
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask
  dependency-type: indirect
  dependency-group: pip
- dependency-name: gitpython
  dependency-type: indirect
  dependency-group: pip
- dependency-name: idna
  dependency-type: indirect
  dependency-group: pip
- dependency-name: ipython
  dependency-type: indirect
  dependency-group: pip
- dependency-name: jinja2
  dependency-type: indirect
  dependency-group: pip
- dependency-name: mlflow
  dependency-type: indirect
  dependency-group: pip
- dependency-name: nltk
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pillow
  dependency-type: indirect
  dependency-group: pip
- dependency-name: pyarrow
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pydantic
  dependency-type: indirect
  dependency-group: pip
- dependency-name: redis
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: indirect
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-type: indirect
  dependency-group: pip
- dependency-name: sqlparse
  dependency-type: indirect
  dependency-group: pip
- dependency-name: streamlit
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tornado
  dependency-type: indirect
  dependency-group: pip
- dependency-name: tqdm
  dependency-type: indirect
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: indirect
  dependency-group: pip
- dependency-name: werkzeug
  dependency-type: indirect
  dependency-group: pip
- dependency-name: zipp
  dependency-type: indirect
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Feb 24, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants