Bump the production-dependencies group across 1 directory with 4 updates

[dependabot[bot]]

Bumps the production-dependencies group with 4 updates in the / directory: asteval, cachetools, numpy and shapely.

Updates asteval from 1.0.0 to 1.0.1

Release notes

Sourced from asteval's releases.

1.0.1

security fixes, based on audit by Andrew Effenhauser, Ayman Hammad, and Daniel Crowley, IBM X-Force Security Research division

• remove numpy modules polynomial, fft, linalg by default for security concerns
• disallow string.format(), improve security of f-string evaluation

Commits

• c673c8b update doc to describe audit by IBM security research group
• d85e7cb remove numpy modules polynomial, fft, linalg by default for security concerns
• 1b453ec disallow string.format(), improve security of f-string evaluation
• See full diff in compare view

Updates cachetools from 5.3.3 to 5.4.0

Changelog

Sourced from cachetools's changelog.

v5.4.0 (2024-07-15)

• Add the keys.typedmethodkey decorator.

• Deprecate MRUCache class.

• Deprecate @func.mru_cache decorator.

• Update CI environment.

Commits

• 990665b Release v5.4.0.
• ebff841 Fix #256: Deprecate MRUCache class.
• f9021d5 Fix #256: Deprecate @​mru_cache decorator.
• f461c73 Merge remote-tracking branch 'origin/dependabot/github_actions/codecov/codeco...
• a56d38e Merge remote-tracking branch 'origin/dependabot/github_actions/actions/checko...
• 7354593 Bump actions/checkout from 4.1.6 to 4.1.7
• 1a4bd04 Bump codecov/codecov-action from 4.4.1 to 4.5.0
• e669b99 Add the keys.typedmethodkey decorator
• fbf0b7e Bump actions/checkout from 4.1.4 to 4.1.6
• 226028d Bump codecov/codecov-action from 4.3.1 to 4.4.1
• Additional commits viewable in compare view

Updates numpy from 2.0.0 to 2.0.1

Release notes

Sourced from numpy's releases.

v2.0.1

NumPy 2.0.1 Release Notes

NumPy 2.0.1 is a maintenance release that fixes bugs and regressions discovered after the 2.0.0 release. NumPy 2.0.1 is the last planned release in the 2.0.x series, 2.1.0rc1 should be out shortly.

The Python versions supported by this release are 3.9-3.12.

NOTE: Do not use the GitHub generated "Source code" files listed in the "Assets", they are garbage.

Improvements

np.quantile with method closest_observation chooses nearest even order statistic

This changes the definition of nearest for border cases from the nearest odd order statistic to nearest even order statistic. The numpy implementation now matches other reference implementations.

(gh-26656)

Contributors

A total of 15 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• @​vahidmech +
• Alex Herbert +
• Charles Harris
• Giovanni Del Monte +
• Leo Singer
• Lysandros Nikolaou
• Matti Picus
• Nathan Goldbaum
• Patrick J. Roddy +
• Raghuveer Devulapalli
• Ralf Gommers
• Rostan Tabet +
• Sebastian Berg
• Tyler Reddy
• Yannik Wicke +

Pull requests merged

A total of 24 pull requests were merged for this release.

• #26711: MAINT: prepare 2.0.x for further development
• #26792: TYP: fix incorrect import in ma/extras.pyi stub
• #26793: DOC: Mention '1.25' legacy printing mode in set_printoptions
• #26794: DOC: Remove mention of NaN and NAN aliases from constants

... (truncated)

Commits

• 4c9f431 Merge pull request #27000 from charris/prepare-2.0.1
• 0e70e00 REL: Prepare for the NumPy 2.0.1 release [wheel build]
• 4d10ffc Merge pull request #26995 from charris/backport-26985
• 764b667 BUG: Add object cast to avoid warning with limited API
• 9be6ad6 Merge pull request #26971 from charris/backport-26935
• 6d950e9 BUG: fix f2py tests to work with v2 API
• 89630c0 Merge pull request #26962 from charris/backport-26919
• 88fa840 TST: Apply test suggestion by Nathan for rlstrip fixes
• a9da01e BUG,MAINT: Fix utf-8 character stripping memory access
• 6afbbf8 Merge pull request #26963 from charris/backport-26930
• Additional commits viewable in compare view

Updates shapely from 2.0.4 to 2.0.5

Release notes

Sourced from shapely's releases.

2.0.5

Binary wheels on PyPI include GEOS 3.11.4 from 2024-06-05. Furthermore, universal2 wheels are removed for macOS since both x86_64 and arm64 wheels are provided.

Bug fixes:

• Fix Point x/y/z attributes to return Python floats (#2074).
• Fix affinity for Apple silicon with NumPy 2.0 by reverting matmul, and use direct matrix multiplication instead (#2085).

For a full changelog, see https://shapely.readthedocs.io/en/latest/release/2.x.html#version-2-0-5

Changelog

Sourced from shapely's changelog.

2.0.5 (2024-07-13)

Binary wheels on PyPI include GEOS 3.11.4 from 2024-06-05. Furthermore, universal2 wheels are removed for macOS since both x86_64 and arm64 wheels are provided.

Bug fixes:

• Fix Point x/y/z attributes to return Python floats (#2074).
• Fix affinity for Apple silicon with NumPy 2.0 by reverting matmul, and use direct matrix multiplication instead (#2085).

Commits

• a4fe42f RLS: 2.0.5
• 0bfcf3a DOC/RLS: starts changelog for 2.0.5 (#2088)
• b186704 RLS/CI: upgrade GEOS versions to latest minor, add more to CI matrix (#2086)
• 1ede9b2 FIX: replace matmul with manual matrix multiplication for affinity (#2085)
• 0748c40 BUG: fix Point x/y/z/m attribtues to return Python floats (#2074)
• 7903b2d Bump pypa/cibuildwheel from 2.19.1 to 2.19.2 (#2083)
• e75c3a2 RLS/BLD: use native Apple Silicon macOS for arm64 wheels; remove universal2 (...
• 13eb644 BLD: replace pkg_resources, prepend numpy include dirs (#2071)
• ac283c3 CI: Update macos-11 image to macos-13 (#2072)
• 473c202 Bump pypa/cibuildwheel from 2.18.1 to 2.19.1 (#2068)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[abey79]

@dependabot rebase

[sonarcloud[bot]]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[dependabot[bot]]

Looks like these dependencies are updatable in another way, so this is no longer needed.