search

4k4xs4pH1r3 / stringsifter

A machine learning tool that ranks strings based on their relevance for malware analysis.
Apache License 2.0
0 stars 1 forks source link

Bump the pip group group with 7 updates #14

Closed dependabot[bot] closed 8 months ago

dependabot[bot] commented 8 months ago

Bumps the pip group group with 7 updates:

Package From To
numpy 1.19.4 1.22.0
scikit-learn 0.23.2 1.0.1
joblib 0.16.0 1.2.0
wheel 0.36.0 0.38.1
scipy 1.9.3 1.10.1
cryptography 41.0.3 42.0.4
urllib3 2.0.4 2.0.7

Updates numpy from 1.19.4 to 1.22.0

Release notes

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

  • Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
  • A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
  • NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
  • New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
  • A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits


Updates scikit-learn from 0.23.2 to 1.0.1

Release notes

Sourced from scikit-learn's releases.

scikit-learn 1.0.1

We're happy to announce the 1.0.1 release with several bugfixes:

You can see the changelog here: https://scikit-learn.org/dev/whats_new/v1.0.html#version-1-0-1

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds will be available shortly, which you can then install using:

conda install -c conda-forge scikit-learn

scikit-learn 1.0

We're happy to announce the 1.0 release. You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_0_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.0.html#changes-1-0

This version supports Python versions 3.7 to 3.9.

scikit-learn 0.24.2

We're happy to announce the 0.24.2 release with several bugfixes:

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v0.24.html#version-0-24-2

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds will be available shortly, which you can then install using:

conda install -c conda-forge scikit-learn

scikit-learn 0.24.1

We're happy to announce the 0.24.1 release with several bugfixes:

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v0.24.html#version-0-24-1

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds will be available shortly, which you can then install using:

conda install -c conda-forge scikit-learn

scikit-learn 0.24.0

We're happy to announce the 0.24 release. You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_0_24_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v0.24.html#version-0-24-0

... (truncated)

Commits
  • 0d37891 Trigger wheel builder workflow: [cd build]
  • 7737cb9 DOC update the News section in website (#21417)
  • 8971a19 DOC Ensures that MultiTaskElasticNetCV passes numpydoc validation (#21405)
  • d6e24ee DOC Ensures that LabelSpreading passes numpydoc validation (#21414)
  • 14fda2f DOC Ensures that PassiveAggressiveRegressor passes numpydoc validation (#21413)
  • 112ae4e DOC Ensures that OrthogonalMatchingPursuitCV passes numpydoc validation (#21412)
  • cd927c0 FIX delete feature_names_in_ when refitting on a ndarray (#21389)
  • ae223ee bumpversion to 1.0.1
  • 9227162 MNT remove 1.1 changelog due to rebase conflict
  • 5d75547 MNT fix changelog 1.0.1 (#21416)
  • Additional commits viewable in compare view


Updates joblib from 0.16.0 to 1.2.0

Changelog

Sourced from joblib's changelog.

Release 1.2.0

  • Fix a security issue where eval(pre_dispatch) could potentially run arbitrary code. Now only basic numerics are supported. joblib/joblib#1327

  • Make sure that joblib works even when multiprocessing is not available, for instance with Pyodide joblib/joblib#1256

  • Avoid unnecessary warnings when workers and main process delete the temporary memmap folder contents concurrently. joblib/joblib#1263

  • Fix memory alignment bug for pickles containing numpy arrays. This is especially important when loading the pickle with mmap_mode != None as the resulting numpy.memmap object would not be able to correct the misalignment without performing a memory copy. This bug would cause invalid computation and segmentation faults with native code that would directly access the underlying data buffer of a numpy array, for instance C/C++/Cython code compiled with older GCC versions or some old OpenBLAS written in platform specific assembly. joblib/joblib#1254

  • Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+.

  • Vendor loky 3.3.0 which fixes several bugs including:

    • robustly forcibly terminating worker processes in case of a crash (joblib/joblib#1269);

    • avoiding leaking worker processes in case of nested loky parallel calls;

    • reliability spawn the correct number of reusable workers.

Release 1.1.1

  • Fix a security issue where eval(pre_dispatch) could potentially run arbitrary code. Now only basic numerics are supported. joblib/joblib#1327

Release 1.1.0

  • Fix byte order inconsistency issue during deserialization using joblib.load

... (truncated)

Commits
  • 5991350 Release 1.2.0
  • 3fa2188 MAINT cleanup numpy warnings related to np.matrix in tests (#1340)
  • cea26ff CI test the future loky-3.3.0 branch (#1338)
  • 8aca6f4 MAINT: remove pytest.warns(None) warnings in pytest 7 (#1264)
  • 067ed4f XFAIL test_child_raises_parent_exits_cleanly with multiprocessing (#1339)
  • ac4ebd5 MAINT add back pytest warnings plugin (#1337)
  • a23427d Test child raises parent exits cleanly more reliable on macos (#1335)
  • ac09691 [MAINT] various test updates (#1334)
  • 4a314b1 Vendor loky 3.2.0 (#1333)
  • bdf47e9 Make test_parallel_with_interactively_defined_functions_default_backend timeo...
  • Additional commits viewable in compare view


Updates wheel from 0.36.0 to 0.38.1

Changelog

Sourced from wheel's changelog.

Release Notes

0.42.0 (2023-11-26)

  • Allowed removing build tag with wheel tags --build ""
  • Fixed wheel pack and wheel tags writing updated WHEEL fields after a blank line, causing other tools to ignore them
  • Fixed wheel pack and wheel tags writing WHEEL with CRLF line endings or a mix of CRLF and LF
  • Fixed wheel pack --build-number "" not removing build tag from WHEEL (above changes by Benjamin Gilbert)

0.41.3 (2023-10-30)

  • Updated vendored packaging to 23.2
  • Fixed ABI tag generation for CPython 3.13a1 on Windows (PR by Sam Gross)

0.41.2 (2023-08-22)

  • Fixed platform tag detection for GraalPy and 32-bit python running on an aarch64 kernel (PR by Matthieu Darbois)
  • Fixed wheel tags to not list directories in RECORD files (PR by Mike Taves)
  • Fixed ABI tag generation for GraalPy (PR by Michael Simacek)

0.41.1 (2023-08-05)

  • Fixed naming of the data_dir directory in the presence of local version segment given via egg_info.tag_build (PR by Anderson Bravalheri)
  • Fixed version specifiers in Requires-Dist being wrapped in parentheses

0.41.0 (2023-07-22)

  • Added full support of the build tag syntax to wheel tags (you can now set a build tag like 123mytag)
  • Fixed warning on Python 3.12 about onerror deprecation. (PR by Henry Schreiner)
  • Support testing on Python 3.12 betas (PR by Ewout ter Hoeven)

0.40.0 (2023-03-14)

  • Added a wheel tags command to modify tags on an existing wheel (PR by Henry Schreiner)
  • Updated vendored packaging to 23.0
  • wheel unpack now preserves the executable attribute of extracted files
  • Fixed spaces in platform names not being converted to underscores (PR by David Tucker)
  • Fixed RECORD files in generated wheels missing the regular file attribute
  • Fixed DeprecationWarning about the use of the deprecated pkg_resources API (PR by Thomas Grainger)
  • Wheel now uses flit-core as a build backend (PR by Henry Schreiner)

... (truncated)

Commits
  • 6f1608d Created a new release
  • cf8f5ef Moved news item from PR #484 to its proper place
  • 9ec2016 Removed install dependency on setuptools (#483)
  • 747e1f6 Fixed PyPy SOABI parsing (#484)
  • 7627548 [pre-commit.ci] pre-commit autoupdate (#480)
  • 7b9e8e1 Test on Python 3.11 final
  • a04dfef Updated the pypi-publish action
  • 94bb62c Fixed docs not building due to code style changes
  • d635664 Updated the codecov action to the latest version
  • fcb94cd Updated version to match the release
  • Additional commits viewable in compare view


Updates scipy from 1.9.3 to 1.10.1

Release notes

Sourced from scipy's releases.

SciPy 1.10.1 Release Notes

SciPy 1.10.1 is a bug-fix release with no new features compared to 1.10.0.

Authors

  • Name (commits)
  • alice (1) +
  • Matt Borland (2) +
  • Evgeni Burovski (2)
  • CJ Carey (1)
  • Ralf Gommers (9)
  • Brett Graham (1) +
  • Matt Haberland (5)
  • Alex Herbert (1) +
  • Ganesh Kathiresan (2) +
  • Rishi Kulkarni (1) +
  • Loïc Estève (1)
  • Michał Górny (1) +
  • Jarrod Millman (1)
  • Andrew Nelson (4)
  • Tyler Reddy (50)
  • Pamphile Roy (2)
  • Eli Schwartz (2)
  • Tomer Sery (1) +
  • Kai Striega (1)
  • Jacopo Tissino (1) +
  • windows-server-2003 (1)

A total of 21 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

SciPy 1.10.0 Release Notes

SciPy 1.10.0 is the culmination of 6 months of hard work. It contains many new features, numerous bug-fixes, improved test coverage and better documentation. There have been a number of deprecations and API changes in this release, which are documented below. All users are encouraged to upgrade to this release, as there are a large number of bug-fixes and optimizations. Before upgrading, we recommend that users check that their own code does not use deprecated SciPy functionality (to do so, run your code with python -Wd and check for DeprecationWarning s). Our development attention will now shift to bug-fix releases on the 1.10.x branch, and on adding new features on the main branch.

... (truncated)

Commits
  • c1ed5ec REL: 1.10.1 release commit [wheel build]
  • 5f022bd Merge pull request #18001 from tylerjereddy/treddy_scipy_1_10_1_rd2
  • 5789a76 MAINT: test wheel builds [wheel build]
  • 79bc9c3 DOC: update relnotes/mailmap
  • 6abc551 BUG: diffev exponential crossover
  • 9bb12cd DOC: update link of the logo in the readme
  • c33c679 BUG: Use raw strings for paths
  • 78e790c Fix powm1 overflow handling
  • a225f2b BUG: fix Johnson's algorithm.
  • 04e26b6 BUG: special: Fix handling of powm1 overflow errors (#17855)
  • Additional commits viewable in compare view


Updates cryptography from 41.0.3 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20


* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.

.. _v42-0-3:


42.0.3 - 2024-02-15

  • Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30


* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.

.. _v42-0-1:


42.0.1 - 2024-01-24

  • Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
  • Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22


</tr></table>

... (truncated)

Commits


Updates urllib3 from 2.0.4 to 2.0.7

Release notes

Sourced from urllib3's releases.

2.0.7

  • Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

2.0.6

  • Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

2.0.5

  • Allowed pyOpenSSL third-party module without any deprecation warning. #3126
  • Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066
Changelog

Sourced from urllib3's changelog.

2.0.7 (2023-10-17)

  • Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

2.0.6 (2023-10-02)

  • Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

2.0.5 (2023-09-20)

  • Allowed pyOpenSSL third-party module without any deprecation warning. ([#3126](https://github.com/urllib3/urllib3/issues/3126) <https://github.com/urllib3/urllib3/issues/3126>__)
  • Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. ([#3066](https://github.com/urllib3/urllib3/issues/3066) <https://github.com/urllib3/urllib3/issues/3066>__)
Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/4k4xs4pH1r3/stringsifter/network/alerts).
difflens[bot] commented 8 months ago

View changes in DiffLens