search

YeonwooSung / MLOps

Miscellaneous codes and writings for MLOps
GNU General Public License v3.0
11 stars 1 forks source link

build(deps): bump the pip group across 1 directories with 15 updates #39

Closed dependabot[bot] closed 10 months ago

dependabot[bot] commented 10 months ago

Bumps the pip group with 15 updates in the /spark/spark_nlp directory:

Package From To
certifi 2020.6.20 2023.7.22
flask 1.1.2 2.2.5
grpcio 1.30.0 1.53.0
jinja2 2.11.2 3.1.3
joblib 0.16.0 1.2.0
mpmath 1.1.0 1.3.0
pillow 7.0.0 10.2.0
pyarrow 0.14.1 14.0.1
requests 2.23.0 2.31.0
scipy 1.4.1 1.11.1
sqlparse 0.3.1 0.4.4
tensorflow 2.2.0 2.11.1
tornado 5.1.1 6.3.3
urllib3 1.24.3 1.26.18
werkzeug 1.0.1 2.3.8

Updates certifi from 2020.6.20 to 2023.7.22

Commits


Updates flask from 1.1.2 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

2.2.4

This is a fix release for the 2.2.x release branch.

2.2.3

This is a fix release for the 2.2.x release branch.

2.2.2

This is a fix release for the 2.2.0 feature release.

2.2.1

This is a fix release for the 2.2.0 feature release.

2.2.0

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

2.1.3

2.1.2

This is a fix release for the 2.1.0 feature release.

2.1.1

This is a fix release for the 2.1.0 feature release.

... (truncated)

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

  • Autoescape is enabled by default for .svg template files. :issue:4831
  • Fix the type of template_folder to accept pathlib.Path. :issue:4892
  • Add --debug option to the flask run command. :issue:4777

Version 2.2.2

Released 2022-08-08

  • Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754
  • Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

Version 2.2.1

Released 2022-08-03

  • Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

Version 2.2.0

... (truncated)

Commits


Updates grpcio from 1.30.0 to 1.53.0

Release notes

Sourced from grpcio's releases.

Release v1.53.0

This is release 1.53.0 (glockenspiel) of gRPC Core.

For gRPC documentation, see grpc.io. For previous releases, see Releases.

This release contains refinements, improvements, and bug fixes, with highlights listed below.

Core

  • xDS: fix crash when removing the last endpoint from the last locality in weighted_target. (#32592)
  • filter stack: pass peer name up via recv_initial_metadata batch. (#31933)
  • [EventEngine] Add advice against blocking work in callbacks. (#32397)
  • [http2] Dont drop connections on metadata limit exceeded. (#32309)
  • xDS: reject aggregate cluster with empty cluster list. (#32238)
  • Fix Python epoll1 Fork Support. (#32196)
  • server: introduce ServerMetricRecorder API and move per-call reporting from a C++ interceptor to a C-core filter. (#32106)
  • [EventEngine] Add invalid handle types to the public API. (#32202)
  • [EventEngine] Refactoring the EventEngine Test Suite: Part 1. (#32127)
  • xDS: fix WeightedClusters total weight handling. (#32134)

C++

  • Update minimum MSVC version to 2019. (#32615)
  • Use CMake variables for paths in pkg-config files. (#31671)

C#

  • Grpc.Tools: Use x86 protoc binaries on arm64 Windows. (#32017)

Python

  • Support python 3.11 on aarch64. (#32270)
  • Include .pyi file. (#32268)
  • De-experimentalize wait-for-ready. (#32143)
  • De-experimentalize compression. (#32138)

Ruby

  • [ruby]: add pre-compiled binaries for ruby 3.2; drop them for ruby 2.6. (#32089)

Release v1.53.0-pre2

This is a prerelease of gRPC Core 1.53.0 (glockenspiel).

For gRPC documentation, see grpc.io. For previous releases, see Releases.

... (truncated)

Changelog

Sourced from grpcio's changelog.

gRPC Release Schedule

Below is the release schedule for gRPC Java, Go and Core and its dependent languages C++, C#, Objective-C, PHP, Python and Ruby.

Releases are scheduled every six weeks on Tuesdays on a best effort basis. In some unavoidable situations a release may be delayed or released early or a language may skip a release altogether and do the next release to catch up with other languages. See the past releases in the links above. A six-week cycle gives us a good balance between delivering new features/fixes quickly and keeping the release overhead low.

The gRPC release support policy can be found here.

Releases are cut from release branches. For Core and Java repos, the release branch is cut two weeks before the scheduled release date. For Go, the branch is cut just before the release. An RC (release candidate) is published for Core and its dependent languages just after the branch cut. This RC is later promoted to release version if no further changes are made to the release branch. We do our best to keep head of master branch stable at all times regardless of release schedule. Daily build packages from master branch for C#, PHP, Python, Ruby and Protoc plugins are published on packages.grpc.io. If you depend on gRPC in production we recommend to set up your CI system to test the RCs and, if possible, the daily builds.

Names of gRPC releases are here.

Release Scheduled Branch Cut Scheduled Release Date
v1.17.0 Nov 19, 2018 Dec 4, 2018
v1.18.0 Jan 2, 2019 Jan 15, 2019
v1.19.0 Feb 12, 2019 Feb 26, 2019
v1.20.0 Mar 26, 2019 Apr 9, 2019
v1.21.0 May 7, 2019 May 21, 2019
v1.22.0 Jun 18, 2019 Jul 2, 2019
v1.23.0 Jul 30, 2019 Aug 13, 2019
v1.24.0 Sept 10, 2019 Sept 24, 2019
v1.25.0 Oct 22, 2019 Nov 5, 2019
v1.26.0 Dec 3, 2019 Dec 17, 2019
v1.27.0 Jan 14, 2020 Jan 28, 2020
v1.28.0 Feb 25, 2020 Mar 10, 2020
v1.29.0 Apr 7, 2020 Apr 21, 2020
Commits
  • 358bfb5 Bump version to 1.53.0 (#32685)
  • 6e1ebe7 Backport: Ensure compatibility with the new custom kokoro win2019 image (#326...
  • 44a77f6 Backport 1.53: Update minimum MSVC version to 2019 (#32615)
  • c11153c backport to 1.53: xDS: fix crash when removing the last endpoint from the las...
  • 7c7712a Bump version to 1.53.0-pre2. (#32545)
  • a4017dc backport to 1.53: [promises] Make Poll<T> its own type, not a variant<> (#32540)
  • 3f93c16 Fuzzer fix backport to v1.53 (#32511)
  • 5b244b2 Bump release version to 1.53.0-pre1 (#32428)
  • 6589340 Bump core version 202302161703 (#32416)
  • d49e151 [backoff] Add random early detection classifier (#32354)
  • Additional commits viewable in compare view


Updates jinja2 from 2.11.2 to 3.1.3

Release notes

Sourced from jinja2's releases.

3.1.3

This is a fix release for the 3.1.x feature branch.

3.1.2

This is a fix release for the 3.1.0 feature release.

3.1.1

3.1.0

This is a feature release, which includes new features and removes previously deprecated features. The 3.1.x branch is now the supported bugfix branch, the 3.0.x branch has become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. We also encourage upgrading to MarkupSafe 2.1.1, the latest version at this time.

3.0.3

3.0.2

3.0.1

3.0.0

New major versions of all the core Pallets libraries, including Jinja 3.0, have been released! :tada:

This represents a significant amount of work, and there are quite a few changes. Be sure to carefully read the changelog, and use tools such as pip-compile and Dependabot to pin your dependencies and control your updates.

3.0.0rc2

Fixes an issue with the deprecated Markup subclass, #1401.

3.0.0rc1

... (truncated)

Changelog

Sourced from jinja2's changelog.

Version 3.1.3

Released 2024-01-10

  • Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
  • xmlattr filter does not allow keys with spaces. GHSA-h5c8-rqwp-cp95
  • Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Version 3.1.2

Released 2022-04-28

  • Add parameters to Environment.overlay to match __init__. :issue:1645
  • Handle race condition in FileSystemBytecodeCache. :issue:1654

Version 3.1.1

Released 2022-03-25

  • The template filename on Windows uses the primary path separator. :issue:1637

Version 3.1.0

Released 2022-03-24

  • Drop support for Python 3.6. :pr:1534

  • Remove previously deprecated code. :pr:1544

    • WithExtension and AutoEscapeExtension are built-in now.
    • contextfilter and contextfunction are replaced by pass_context. evalcontextfilter and evalcontextfunction are replaced by pass_eval_context. environmentfilter and environmentfunction are replaced by pass_environment.
    • Markup and escape should be imported from MarkupSafe.
    • Compiled templates from very old Jinja versions may need to be recompiled.
    • Legacy resolve mode for Context subclasses is no longer supported. Override resolve_or_missing instead of

... (truncated)

Commits


Updates joblib from 0.16.0 to 1.2.0

Changelog

Sourced from joblib's changelog.

Release 1.2.0

  • Fix a security issue where eval(pre_dispatch) could potentially run arbitrary code. Now only basic numerics are supported. joblib/joblib#1327

  • Make sure that joblib works even when multiprocessing is not available, for instance with Pyodide joblib/joblib#1256

  • Avoid unnecessary warnings when workers and main process delete the temporary memmap folder contents concurrently. joblib/joblib#1263

  • Fix memory alignment bug for pickles containing numpy arrays. This is especially important when loading the pickle with mmap_mode != None as the resulting numpy.memmap object would not be able to correct the misalignment without performing a memory copy. This bug would cause invalid computation and segmentation faults with native code that would directly access the underlying data buffer of a numpy array, for instance C/C++/Cython code compiled with older GCC versions or some old OpenBLAS written in platform specific assembly. joblib/joblib#1254

  • Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+.

  • Vendor loky 3.3.0 which fixes several bugs including:

    • robustly forcibly terminating worker processes in case of a crash (joblib/joblib#1269);

    • avoiding leaking worker processes in case of nested loky parallel calls;

    • reliability spawn the correct number of reusable workers.

Release 1.1.1

  • Fix a security issue where eval(pre_dispatch) could potentially run arbitrary code. Now only basic numerics are supported. joblib/joblib#1327

Release 1.1.0

  • Fix byte order inconsistency issue during deserialization using joblib.load

... (truncated)

Commits
  • 5991350 Release 1.2.0
  • 3fa2188 MAINT cleanup numpy warnings related to np.matrix in tests (#1340)
  • cea26ff CI test the future loky-3.3.0 branch (#1338)
  • 8aca6f4 MAINT: remove pytest.warns(None) warnings in pytest 7 (#1264)
  • 067ed4f XFAIL test_child_raises_parent_exits_cleanly with multiprocessing (#1339)
  • ac4ebd5 MAINT add back pytest warnings plugin (#1337)
  • a23427d Test child raises parent exits cleanly more reliable on macos (#1335)
  • ac09691 [MAINT] various test updates (#1334)
  • 4a314b1 Vendor loky 3.2.0 (#1333)
  • bdf47e9 Make test_parallel_with_interactively_defined_functions_default_backend timeo...
  • Additional commits viewable in compare view


Updates mpmath from 1.1.0 to 1.3.0

Release notes

Sourced from mpmath's releases.

1.3.0

Security issues:

  • Fixed ReDOS vulnerability in mpmathify() (CVE-2021-29063) (Vinzent Steinberg)

Features:

  • Added quadsubdiv() for numerical integration with adaptive path splitting (Fredrik Johansson)
  • Added the Cohen algorithm for inverse Laplace transforms (Guillermo Navas-Palencia)
  • Some speedup of matrix multiplication (Fredrik Johansson)
  • Optimizations to Carlson elliptic integrals (Paul Masson)
  • Added signal functions (squarew(), trianglew(), sawtoothw(), unit_triangle() sigmoidw()) (Nike Dattani, Deyan Mihaylov, Tina Yu)

Bug fixes:

  • Correct mpf initialization from tuple for finf and fninf (Sergey B Kirpichev)
  • Support QR decomposition for matrices of width 0 and 1 (Clemens Hofreither)
  • Fixed some cases where elliprj() gave inaccurate results (Fredrik Johansson)
  • Fixed cases where digamma() hangs for complex input (Fredrik Johansson)
  • Fixed cases of polylog() with integer-valued parameter with complex type (Fredrik Johansson)
  • Fixed fp.nsum() with Euler-Maclaurin algorithm (Fredrik Johansson)

Maintenance:

  • Dropped support for Python 3.4 (Sergey B Kirpichev)
  • Documentation cleanup (Sergey B Kirpichev)
  • Removed obsolete files (Sergey B Kirpichev)
  • Added options to runtests.py to skip tests and exit on failure (Jonathan Warner)
Changelog

Sourced from mpmath's changelog.

--1.3.0-- Released March 7, 2023

Security issues:

  • Fixed ReDOS vulnerability in mpmathify() (CVE-2021-29063) (Vinzent Steinberg)

Features:

  • Added quadsubdiv() for numerical integration with adaptive path splitting (Fredrik Johansson)
  • Added the Cohen algorithm for inverse Laplace transforms (Guillermo Navas-Palencia)
  • Some speedup of matrix multiplication (Fredrik Johansson)
  • Optimizations to Carlson elliptic integrals (Paul Masson)
  • Added signal functions (squarew(), trianglew(), sawtoothw(), unit_triangle() sigmoidw()) (Nike Dattani, Deyan Mihaylov, Tina Yu)

Bug fixes:

  • Correct mpf initialization from tuple for finf and fninf (Sergey B Kirpichev)
  • Support QR decomposition for matrices of width 0 and 1 (Clemens Hofreither)
  • Fixed some cases where elliprj() gave inaccurate results (Fredrik Johansson)
  • Fixed cases where digamma() hangs for complex input (Fredrik Johansson)
  • Fixed cases of polylog() with integer-valued parameter with complex type (Fredrik Johansson)
  • Fixed fp.nsum() with Euler-Maclaurin algorithm (Fredrik Johansson)

Maintenance:

  • Dropped support for Python 3.4 (Sergey B Kirpichev)
  • Documentation cleanup (Sergey B Kirpichev)
  • Removed obsolete files (Sergey B Kirpichev)
  • Added options to runtests.py to skip tests and exit on failure (Jonathan Warner)

--1.2.0-- Released February 1, 2021

Features and optimizations:

  • Support @ operator for matrix multiplication (Max Gaukler)
  • Add eta() implementing the Dedekind eta function
  • Optimized the python_trailing function (adhoc-king)
  • Implement unary plus for matrices (Max Gaukler)
  • Improved calculation of gram_index (p15-git-acc)

Compatibility:

... (truncated)

Commits
  • b5c0450 version 1.3.0
  • a27581c Merge pull request #656 from cclauss/patch-2
  • 9d7884b don't use .ae method in library code
  • 967de83 Downgrade to ubuntu-20.04 for Py35 and Py36
  • 6425c6a build: strategy: fail-fast: false
  • e2341c7 GitHub Actions: Test on Python 3.11 production release
  • 1258e33 fix failing doctests
  • b7c15d6 include signals documentation; remove duplicate docstrings
  • 1b476ea update doc building instructions
  • 5f57beb Merge pull request #646 from cclauss/patch-1
  • Additional commits viewable in compare view


Updates pillow from 7.0.0 to 10.2.0

Release notes

Sourced from pillow's releases.

10.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Changes

... (truncated)

Changelog

Sourced from pillow's changelog.

10.2.0 (2024-01-02)

  • Add keep_rgb option when saving JPEG to prevent conversion of RGB colorspace #7553 [bgilbert, radarhere]

  • Trim glyph size in ImageFont.getmask() #7669, #7672 [radarhere, nulano]

  • Deprecate IptcImagePlugin helpers #7664 [nulano, hugovk, radarhere]

  • Allow uncompressed TIFF images to be saved in chunks #7650 [radarhere]

  • Concatenate multiple JPEG EXIF markers #7496 [radarhere]

  • Changed IPTC tile tuple to match other plugins #7661 [radarhere]

  • Do not assign new fp attribute when exiting context manager #7566 [radarhere]

  • Support arbitrary masks for uncompressed RGB DDS images #7589 [radarhere, akx]

  • Support setting ROWSPERSTRIP tag #7654 [radarhere]

  • Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() #7662 [radarhere]

  • Optimise ImageColor using functools.lru_cache #7657 [hugovk]

  • Restricted environment keys for ImageMath.eval() #7655 [wiredfool, radarhere]

  • Optimise ImageMode.getmode using functools.lru_cache #7641 [hugovk, radarhere]

  • Fix incorrect color blending for overlapping glyphs #7497 [ZachNagengast, nulano, radarhere]

  • Attempt memory mapping when tile args is a string #7565 [radarhere]

  • Fill identical pixels with transparency in subsequent frames when saving GIF #7568 [radarhere]

... (truncated)

Commits
  • 6956d0b 10.2.0 version bump
  • 31c8dac Merge pull request #7675 from python-pillow/pre-commit-ci-update-config
  • 40a3f91 Merge pull request #7674 from nulano/url-example
  • cb41b0c [pre-commit.ci] pre-commit autoupdate
  • de62b25 fix image url in "Reading from URL" example
  • 7c526a6 Update CHANGES.rst [ci skip]
  • d93a5ad Merge pull request #7553 from bgilbert/jpeg-rgb
  • aed764f Update CHANGES.rst [ci skip]
  • f8df530 Merge pull request #7672 from nulano/imagefont-negative-crop
  • 24e9485 Merge pull request #7671 from radarhere/imagetransform
  • Additional commits viewable in compare view


Updates pyarrow from 0.14.1 to 14.0.1

Commits


Updates requests from 2.23.0 to 2.31.0

Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

v2.30.0

2.30.0 (2023-05-03)

Dependencies

v2.29.0

2.29.0 (2023-04-26)

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

  • Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

    When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

    In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

    Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

    Full details can be read in our Github Security Advisory and CVE-2023-32681.

2.30.0 (2023-05-03)

Dependencies

2.29.0 (2023-04-26)

Improvements

  • Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
  • Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

2.28.2 (2023-01-12)

... (truncated)

Commits


Updates scipy from 1.4.1 to 1.11.1

Release notes

Sourced from scipy's releases.

SciPy 1.11.1 Release Notes

SciPy 1.11.1 is a bug-fix release with no new featur... _Description has been truncated_