search

String-sg / ai-starter-kit

Starter kit for educators to test, adopt and iterate on genAI tools in the classroom
https://aistarterkit.streamlit.app/
3 stars 8 forks source link

Bump the pip group across 1 directories with 10 updates #80

Closed dependabot[bot] closed 7 months ago

dependabot[bot] commented 7 months ago

Bumps the pip group with 10 updates in the /. directory:

Package From To
aiohttp 3.8.5 3.9.2
cryptography 41.0.3 42.0.0
fonttools 4.42.1 4.43.0
jinja2 3.1.2 3.1.3
langchain 0.0.314 0.0.329
pyarrow 13.0.0 14.0.1
python-multipart 0.0.6 0.0.7
streamlit 1.27.2 1.30.0
transformers 4.33.1 4.36.0
urllib3 2.0.4 2.0.7

Updates aiohttp from 3.8.5 to 3.9.2

Release notes

Sourced from aiohttp's releases.

3.9.2

Bug fixes

  • Fixed server-side websocket connection leak.

    Related issues and pull requests on GitHub: #7978.

  • Fixed web.FileResponse doing blocking I/O in the event loop.

    Related issues and pull requests on GitHub: #8012.

  • Fixed double compress when compression enabled and compressed file exists in server file responses.

    Related issues and pull requests on GitHub: #8014.

  • Added runtime type check for ClientSession timeout parameter.

    Related issues and pull requests on GitHub: #8021.

  • Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

    Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

    Related issues and pull requests on GitHub: #8074.

  • Improved validation of paths for static resources requests to the server -- by :user:bdraco.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.2 (2024-01-28)

Bug fixes

  • Fixed server-side websocket connection leak.

    Related issues and pull requests on GitHub: :issue:7978.

  • Fixed web.FileResponse doing blocking I/O in the event loop.

    Related issues and pull requests on GitHub: :issue:8012.

  • Fixed double compress when compression enabled and compressed file exists in server file responses.

    Related issues and pull requests on GitHub: :issue:8014.

  • Added runtime type check for ClientSession timeout parameter.

    Related issues and pull requests on GitHub: :issue:8021.

  • Fixed an unhandled exception in the Python HTTP parser on header lines starting with a colon -- by :user:pajod.

    Invalid request lines with anything but a dot between the HTTP major and minor version are now rejected. Invalid header field names containing question mark or slash are now rejected. Such requests are incompatible with :rfc:9110#section-5.6.2 and are not known to be of any legitimate use.

    Related issues and pull requests on GitHub: :issue:8074.

... (truncated)

Commits
  • 24a6d64 Release v3.9.2 (#8082)
  • 9118a58 [PR #8079/1c335944 backport][3.9] Validate static paths (#8080)
  • 435ad46 [PR #3955/8960063e backport][3.9] Replace all tmpdir fixtures with tmp_path (...
  • d33bc21 Improve validation in HTTP parser (#8074) (#8078)
  • 0d945d1 [PR #7916/822fbc74 backport][3.9] Add more information to contributing page (...
  • 3ec4fa1 [PR #8069/69bbe874 backport][3.9] 📝 Only show changelog draft for non-release...
  • 419d715 [PR #8066/cba34699 backport][3.9] 💅📝 Restructure the changelog for clarity (#...
  • a54dab3 [PR #8049/a379e634 backport][3.9] Set cause for ClientPayloadError (#8050)
  • 437ac47 [PR #7995/43a5bc50 backport][3.9] Fix examples of fallback_charset_resolver...
  • 034e5e3 [PR #8042/4b91b530 backport][3.9] Tightening the runtime type check for ssl (...
  • Additional commits viewable in compare view


Updates cryptography from 41.0.3 to 42.0.0

Changelog

Sourced from cryptography's changelog.

42.0.0 - 2024-01-22


* **BACKWARDS INCOMPATIBLE:** Dropped support for LibreSSL < 3.7.
* **BACKWARDS INCOMPATIBLE:** Loading a PKCS7 with no content field using
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_pem_pkcs7_certificates`
  or
  :func:`~cryptography.hazmat.primitives.serialization.pkcs7.load_der_pkcs7_certificates`
  will now raise a ``ValueError`` rather than return an empty list.
* Parsing SSH certificates no longer permits malformed critical options with
  values, as documented in the 41.0.2 release notes.
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.0.
* Updated the minimum supported Rust version (MSRV) to 1.63.0, from 1.56.0.
* We now publish both ``py37`` and ``py39`` ``abi3`` wheels. This should
  resolve some errors relating to initializing a module multiple times per
  process.
* Support :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS` for
  X.509 certificate signing requests and certificate revocation lists with the
  keyword-only argument ``rsa_padding`` on the ``sign`` methods for
  :class:`~cryptography.x509.CertificateSigningRequestBuilder` and
  :class:`~cryptography.x509.CertificateRevocationListBuilder`.
* Added support for obtaining X.509 certificate signing request signature
  algorithm parameters (including PSS) via
  :meth:`~cryptography.x509.CertificateSigningRequest.signature_algorithm_parameters`.
* Added support for obtaining X.509 certificate revocation list signature
  algorithm parameters (including PSS) via
  :meth:`~cryptography.x509.CertificateRevocationList.signature_algorithm_parameters`.
* Added ``mgf`` property to
  :class:`~cryptography.hazmat.primitives.asymmetric.padding.PSS`.
* Added ``algorithm`` and ``mgf`` properties to
  :class:`~cryptography.hazmat.primitives.asymmetric.padding.OAEP`.
* Added the following properties that return timezone-aware ``datetime`` objects:
  :meth:`~cryptography.x509.Certificate.not_valid_before_utc`,
  :meth:`~cryptography.x509.Certificate.not_valid_after_utc`,
  :meth:`~cryptography.x509.RevokedCertificate.revocation_date_utc`,
  :meth:`~cryptography.x509.CertificateRevocationList.next_update_utc`,
  :meth:`~cryptography.x509.CertificateRevocationList.last_update_utc`.
  These are timezone-aware variants of existing properties that return naïve
  ``datetime`` objects.
* Deprecated the following properties that return naïve ``datetime`` objects:
  :meth:`~cryptography.x509.Certificate.not_valid_before`,
  :meth:`~cryptography.x509.Certificate.not_valid_after`,
  :meth:`~cryptography.x509.RevokedCertificate.revocation_date`,
  :meth:`~cryptography.x509.CertificateRevocationList.next_update`,
  :meth:`~cryptography.x509.CertificateRevocationList.last_update`
  in favor of the new timezone-aware variants mentioned above.
* Added support for
  :class:`~cryptography.hazmat.primitives.ciphers.algorithms.ChaCha20`
  on LibreSSL.
* Added support for RSA PSS signatures in PKCS7 with
</tr></table>

... (truncated)

Commits


Updates fonttools from 4.42.1 to 4.43.0

Release notes

Sourced from fonttools's releases.

4.43.0

  • [subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/
  • [varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).
  • [varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).
  • [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).
  • Added support for Python 3.12 (#3283).
Changelog

Sourced from fonttools's changelog.

4.43.0 (released 2023-09-29)

  • [subset] Set up lxml XMLParser(resolve_entities=False) when parsing OT-SVG documents to prevent XML External Entity (XXE) attacks (9f61271dc): https://codeql.github.com/codeql-query-help/python/py-xxe/
  • [varLib.iup] Added workaround for a Cython bug in iup_delta_optimize that was leading to IUP tolerance being incorrectly initialised, resulting in sub-optimal deltas (60126435d, cython/cython#5732).
  • [varLib] Added new command-line entry point fonttools varLib.avar to add an avar table to an existing VF from axes mappings in a .designspace file (0a3360e52).
  • [instancer] Fixed bug whereby no longer used variation regions were not correctly pruned after VarData optimization (#3268).
  • Added support for Python 3.12 (#3283).
Commits
  • 145460e Release 4.43.0
  • 64f3fd8 Update changelog [skip ci]
  • 7aea49e Merge pull request #3283 from hugovk/main
  • 4470c44 Bump requirements.txt to support Python 3.12
  • 0c87cba Bump scipy for Python 3.12 support
  • eda6fa5 Add support for Python 3.12
  • 0e033b0 Bump reportlab from 3.6.12 to 3.6.13 in /Doc
  • 6012643 [iup] Work around cython bug
  • b14268a [iup] Remove copy/pasta
  • 0a3360e [varLib.avar] New module to compile avar from .designspace file
  • Additional commits viewable in compare view


Updates jinja2 from 3.1.2 to 3.1.3

Release notes

Sourced from jinja2's releases.

3.1.3

This is a fix release for the 3.1.x feature branch.

Changelog

Sourced from jinja2's changelog.

Version 3.1.3

Released 2024-01-10

  • Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
  • xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95
  • Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918
Commits


Updates langchain from 0.0.314 to 0.0.329

Release notes

Sourced from langchain's releases.

v0.0.329

What's Changed

... (truncated)

Commits


Updates pyarrow from 13.0.0 to 14.0.1

Commits


Updates python-multipart from 0.0.6 to 0.0.7

Changelog

Sourced from python-multipart's changelog.

0.0.7 (2024-02-03)

  • Refactor header option parser to use the standard library instead of a custom RegEx #75.
Commits
  • c83e6da Version 0.0.7 (#77)
  • fb7d3c9 Bump pygments from 2.7.4 to 2.15.0 (#66)
  • 20f0ef6 ♻️ Refactor header option parser to use the standard library instead of a cus...
  • d3d16da Use latest invoke version (2.2.0) (#73)
  • 8e59feb Use single quotes to avoid special zsh chars '[' and ']' (#71)
  • 86d422c Update changelog URL (#68)
  • 3929f8e Move tests folder to root folder (#61)
  • See full diff in compare view


Updates streamlit from 1.27.2 to 1.30.0

Release notes

Sourced from streamlit's releases.

1.30.0

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

Full Changelog: https://github.com/streamlit/streamlit/compare/1.29.0...1.30.0

1.29.0

What's Changed

Breaking Changes 🛠

New Features 🎉

... (truncated)

Commits


Updates transformers from 4.33.1 to 4.36.0

Release notes

Sourced from transformers's releases.

v4.36: Mixtral, Llava/BakLlava, SeamlessM4T v2, AMD ROCm, F.sdpa wide-spread support

New model additions

Mixtral

Mixtral is the new open-source model from Mistral AI announced by the blogpost Mixtral of Experts. The model has been proven to have comparable capabilities to Chat-GPT according to the benchmark results shared on the release blogpost.

The architecture is a sparse Mixture of Experts with Top-2 routing strategy, similar as NllbMoe architecture in transformers. You can use it through AutoModelForCausalLM interface:

>>> import torch
>>> from transformers import AutoModelForCausalLM, AutoTokenizer

>>> model = AutoModelForCausalLM.from_pretrained("mistralai/Mixtral-8x7B", torch_dtype=torch.float16, device_map="auto")
>>> tokenizer = AutoTokenizer.from_pretrained("mistralai/Mistral-8x7B")


>>> prompt = "My favourite condiment is"


>>> model_inputs = tokenizer([prompt], return_tensors="pt").to(device)
>>> model.to(device)


>>> generated_ids = model.generate(**model_inputs, max_new_tokens=100, do_sample=True)
>>> tokenizer.batch_decode(generated_ids)[0]

The model is compatible with existing optimisation tools such Flash Attention 2, bitsandbytes and PEFT library. The checkpoints are release under mistralai organisation on the Hugging Face Hub.

Llava / BakLlava

Llava is an open-source chatbot trained by fine-tuning LlamA/Vicuna on GPT-generated multimodal instruction-following data. It is an auto-regressive language model, based on the transformer architecture. In other words, it is an multi-modal version of LLMs fine-tuned for chat / instructions.

The Llava model was proposed in Improved Baselines with Visual Instruction Tuning by Haotian Liu, Chunyuan Li, Yuheng Li and Yong Jae Lee.

The integration also includes BakLlava which is a Llava model trained with Mistral backbone.

The mode is compatible with "image-to-text" pipeline:

from transformers import pipeline
from PIL import Image    
import requests

model_id = "llava-hf/llava-1.5-7b-hf"
</tr></table>

... (truncated)

Commits


Updates urllib3 from 2.0.4 to 2.0.7

Release notes

Sourced from urllib3's releases.

2.0.7

  • Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses. (GHSA-g4mx-q9vg-27p4)

2.0.6

  • Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect. (GHSA-v845-jxx5-vc9f)

2.0.5

  • Allowed pyOpenSSL third-party module without any deprecation warning. #3126
  • Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. #3066
Changelog

Sourced from urllib3's changelog.

2.0.7 (2023-10-17)

  • Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other" redirect responses.

2.0.6 (2023-10-02)

  • Added the Cookie header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.

2.0.5 (2023-09-20)

  • Allowed pyOpenSSL third-party module without any deprecation warning. ([#3126](https://github.com/urllib3/urllib3/issues/3126) <https://github.com/urllib3/urllib3/issues/3126>__)
  • Fixed default blocksize of HTTPConnection classes to match high-level classes. Previously was 8KiB, now 16KiB. ([#3066](https://github.com/urllib3/urllib3/issues/3066) <https://github.com/urllib3/urllib3/issues/3066>__)
Commits


Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options
You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions You can disable automated security fix PRs for this repo from the [Security Alerts page](https://github.com/String-sg/ai-starter-kit/network/alerts).
dependabot[bot] commented 7 months ago

Superseded by #81.