Bump the pip group across 1 directories with 9 updates #90

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/pip-security-group-8950b300d0

@dependabot dependabot bot commented on behalf of github Feb 28, 2024

Bumps the pip group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| aiohttp | 3.9.2 | 3.9.3 |
| cryptography | 42.0.4 | 42.0.5 |
| fonttools | 4.43.0 | 4.49.0 |
| gitpython | 3.1.35 | 3.1.41 |
| langchain | 0.1.0 | 0.1.9 |
| pyarrow | 14.0.1 | 15.0.0 |
| streamlit | 1.30.0 | 1.31.1 |
| transformers | 4.36.0 | 4.38.1 |
| urllib3 | 2.0.7 | 2.2.1 |

Updates aiohttp from 3.9.2 to 3.9.3

Release notes

Sourced from aiohttp's releases.

3.9.3

Bug fixes

  • Fixed backwards compatibility breakage (in 3.9.2) of ssl parameter when set outside of ClientSession (e.g. directly in TCPConnector) -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: #8097, #8098.

Miscellaneous internal changes

  • Improved test suite handling of paths and temp files to consistently use pathlib and pytest fixtures.

    Related issues and pull requests on GitHub: #3957.


Changelog

Sourced from aiohttp's changelog.

3.9.3 (2024-01-29)

Bug fixes

  • Fixed backwards compatibility breakage (in 3.9.2) of ssl parameter when set outside of ClientSession (e.g. directly in TCPConnector) -- by :user:Dreamsorcerer.

    Related issues and pull requests on GitHub: :issue:8097, :issue:8098.

Miscellaneous internal changes

  • Improved test suite handling of paths and temp files to consistently use pathlib and pytest fixtures.

    Related issues and pull requests on GitHub: :issue:3957.


Commits

Updates cryptography from 42.0.4 to 42.0.5

Changelog

Sourced from cryptography's changelog.

42.0.5 - 2024-02-23


* Limit the number of name constraint checks that will be performed in
  :mod:`X.509 path validation <cryptography.x509.verification>` to protect
  against denial of service attacks.
* Upgrade ``pyo3`` version, which fixes building on PowerPC.


Commits

Updates fonttools from 4.43.0 to 4.49.0

Release notes

Sourced from fonttools's releases.

4.49.0

  • [otlLib] Add API for building MATH table (#3446)

4.48.1

  • Fixed uploading wheels to PyPI, no code changes since v4.48.0.

4.48.0

  • [varLib] Do not log when there are no OTL tables to be merged.
  • [setup.py] Do not restrict lxml=5.
  • [feaLib] Remove glyph and class names length restrictions in FEA (#3424).
  • [roundingPens] Added transformRoundFunc parameter to the rounding pens to allow for custom rounding of the components' transforms (#3426).
  • [feaLib] Keep declaration order of ligature components within a ligature set, instead of sorting by glyph name (#3429).
  • [feaLib] Fixed ordering of alternates in aalt lookups, following the declaration order of feature references within the aalt feature block (#3430).
  • [varLib.instancer] Fixed a bug in the instancer's IUP optimization (#3432).
  • [sbix] Support sbix glyphs with new graphicType "flip" (#3433).
  • [svgPathPen] Added --glyphs option to dump the SVG paths for the named glyphs in the font (0572f78).
  • [designspaceLib] Added "description" attribute to <mappings> and <mapping> elements, and allow multiple <mappings> elements to group <mapping> elements that are logically related (#3435, #3437).
  • [otlLib] Correctly choose the most compact GSUB contextual lookup format (#3439).

4.47.2

Minor release to fix uploading wheels to PyPI.

4.47.1

  • [merge] Improve help message and add standard command line options (#3408)
  • [otlLib] Pass ttFont to name.addName in buildStatTable (#3406)
  • [featureVars] Re-use FeatureVariationRecords when possible (#3413)

4.47.0

  • [varLib.models] New API for VariationModel: getMasterScalars and interpolateFromValuesAndScalars.
  • [varLib.interpolatable] Various bugfixes and rendering improvements. In particular, add a Summary page in the front, and an Index and Table-of-Contents in the back. Change the page size to Letter.
  • [Docs/designspaceLib] Defined a new public.fontInfo lib key, not used anywhere yet (#3358).

4.46.0

  • [featureVars] Allow to register the same set of substitution rules to multiple features. The addFeatureVariations function can now take a list of featureTags; similarly, the lib key 'com.github.fonttools.varLib.featureVarsFeatureTag' can now take a comma-separated string of feature tags (e.g. "salt,ss01") instead of a single tag (#3360).
  • [featureVars] Don't overwrite GSUB FeatureVariations, but append new records to it for features which are not already there. But raise VarLibError if the feature tag already has feature variations associated with it (#3363).
  • [varLib] Added addGSUBFeatureVariations function to add GSUB Feature Variations to an existing variable font from rules defined in a DesignSpace document (#3362).
  • [varLib.interpolatable] Various bugfixes and rendering improvements. In particular, a new test for "underweight" glyphs. The new test reports quite a few false-positives though. Please send feedback.

4.45.1

  • [varLib.interpolatable] Various bugfixes and improvements, better reporting, reduced false positives.
  • [ttGlyphSet] Added option to not recalculate glyf bounds (#3348).

4.45.0

  • [varLib.interpolator] Vastly improved algorithms. Also available now is --pdf and --html options to generate a PDF or HTML report of the interpolation issues.
    The PDF/HTML report showcases the problematic masters, the interpolated broken glyph, as well as the proposed fixed version.

4.44.3

  • [subset] Only prune codepage ranges for OS/2.version >= 1, ignore otherwise (#3334).
  • [instancer] Ensure hhea vertical metrics stay in sync with OS/2 ones after instancing MVAR table containing 'hasc', 'hdsc' or 'hlgp' tags (#3297).

... (truncated)

Changelog

Sourced from fonttools's changelog.

4.49.0 (released 2024-02-15)

  • [otlLib] Add API for building MATH table (#3446)

4.48.1 (released 2024-02-06)

  • Fixed uploading wheels to PyPI, no code changes since v4.48.0.

4.48.0 (released 2024-02-06)

  • [varLib] Do not log when there are no OTL tables to be merged.
  • [setup.py] Do not restrict lxml=5.
  • [feaLib] Remove glyph and class names length restrictions in FEA (#3424).
  • [roundingPens] Added transformRoundFunc parameter to the rounding pens to allow for custom rounding of the components' transforms (#3426).
  • [feaLib] Keep declaration order of ligature components within a ligature set, instead of sorting by glyph name (#3429).
  • [feaLib] Fixed ordering of alternates in aalt lookups, following the declaration order of feature references within the aalt feature block (#3430).
  • [varLib.instancer] Fixed a bug in the instancer's IUP optimization (#3432).
  • [sbix] Support sbix glyphs with new graphicType "flip" (#3433).
  • [svgPathPen] Added --glyphs option to dump the SVG paths for the named glyphs in the font (0572f78).
  • [designspaceLib] Added "description" attribute to <mappings> and <mapping> elements, and allow multiple <mappings> elements to group <mapping> elements that are logically related (#3435, #3437).
  • [otlLib] Correctly choose the most compact GSUB contextual lookup format (#3439).

4.47.2 (released 2024-01-11)

Minor release to fix uploading wheels to PyPI.

4.47.1 (released 2024-01-11)

  • [merge] Improve help message and add standard command line options (#3408)
  • [otlLib] Pass ttFont to name.addName in buildStatTable (#3406)
  • [featureVars] Re-use FeatureVariationRecord's when possible (#3413)

4.47.0 (released 2023-12-18)

  • [varLib.models] New API for VariationModel: getMasterScalars and interpolateFromValuesAndScalars.
  • [varLib.interpolatable] Various bugfixes and rendering improvements. In particular, add a Summary page in the front, and an Index and Table-of-Contents in the back.

... (truncated)

Commits
  • e044025 Release 4.49.0
  • faabeb6 [NEWS] Update
  • b9d6b88 Merge pull request #3446 from fonttools/math-table
  • 90e391b Update Lib/fontTools/otlLib/builder.py
  • bb55793 [otlLib] Document buildMathTable
  • 0f953cc [otlLib] Support building MATH table
  • a7a0f41 Merge pull request #3445 from fonttools/pyup-scheduled-update-2024-02-12
  • 714ee24 Update ufo2ft from 3.0.0 to 3.0.1
  • 026324b Update reportlab from 4.0.9 to 4.1.0
  • 534ceed Merge pull request #3438 from fonttools/pyup-scheduled-update-2024-02-05
  • Additional commits viewable in compare view

Updates gitpython from 3.1.35 to 3.1.41

Release notes

Sourced from gitpython's releases.

3.1.41 - fix Windows security issue

The details about the Windows security issue can be found in this advisory.

Special thanks go to @EliahKagan who reported the issue and fixed it in a single stroke, while being responsible for an incredible amount of improvements that he contributed over the last couple of months ❤️.

What's Changed

... (truncated)

Commits
  • f288738 bump patch level
  • ef3192c Merge pull request #1792 from EliahKagan/popen
  • 1f3caa3 Further clarify comment in test_hook_uses_shell_not_from_cwd
  • 3eb7c2a Move safer_popen from git.util to git.cmd
  • c551e91 Extract shared logic for using Popen safely on Windows
  • 15ebb25 Clarify comment in test_hook_uses_shell_not_from_cwd
  • f44524a Avoid spurious "location may have moved" on Windows
  • a42ea0a Cover absent/no-distro bash.exe in hooks "not from cwd" test
  • 7751436 Extract venv management from test_installation
  • 66ff4c1 Omit CWD in search for bash.exe to run hooks on Windows
  • Additional commits viewable in compare view

Updates langchain from 0.1.0 to 0.1.9

Release notes

Sourced from langchain's releases.

v0.1.9

What's Changed

... (truncated)

Commits

Updates pyarrow from 14.0.1 to 15.0.0

Commits

Updates streamlit from 1.30.0 to 1.31.1

Release notes

Sourced from streamlit's releases.

1.31.1

Full Changelog: streamlit/streamlit@1.31.0...1.31.1

1.31.0

What's Changed

New Features 🎉

Bug Fixes 🐛

Other Changes

New Contributors

Full Changelog: streamlit/streamlit@1.30.0...1.31.0

Commits

Updates transformers from 4.36.0 to 4.38.1

Release notes

Sourced from transformers's releases.

v4.38.1

Fix eager attention in Gemma!

TLDR:

-        attn_output = attn_output.reshape(bsz, q_len, self.hidden_size)
+        attn_output = attn_output.view(bsz, q_len, -1)
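
Review bot: On the + line, view(bsz, q_len, -1) requires attn_output to be contiguous, whereas the reshape it replaces would copy when needed; the two visible lines do not show whether the tensor is made contiguous first, so check for a .contiguous() call ahead of this line or keep reshape with the -1. Since -1 also drops the explicit check that the last dimension equals self.hidden_size, a one-line comment saying why the width is inferred here would help future readers.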

v4.38: Gemma, Depth Anything, Stable LM; Static Cache, HF Quantizer, AQLM

New model additions

💎 Gemma 💎

Gemma is a new open-source Language Model series from Google AI that comes with a 2B and 7B variant. The release comes with the pre-trained and instruction fine-tuned versions and you can use them via AutoModelForCausalLM, GemmaForCausalLM or pipeline interface!

Read more about it in the Gemma release blogpost: https://hf.co/blog/gemma

import torch  # needed for torch.float16 below
from transformers import AutoTokenizer, AutoModelForCausalLM

tokenizer = AutoTokenizer.from_pretrained("google/gemma-2b")
model = AutoModelForCausalLM.from_pretrained("google/gemma-2b", device_map="auto", torch_dtype=torch.float16)
input_text = "Write me a poem about Machine Learning."
input_ids = tokenizer(input_text, return_tensors="pt").to("cuda")
outputs = model.generate(**input_ids)

You can use the model with Flash Attention, SDPA, Static cache and quantization API for further optimizations!

  • Flash Attention 2
import torch  # needed for torch.float16 below
from transformers import AutoTokenizer, AutoModelForCausalLM

tokenizer = AutoTokenizer.from_pretrained("google/gemma-2b")
model = AutoModelForCausalLM.from_pretrained(
    "google/gemma-2b", device_map="auto", torch_dtype=torch.float16, attn_implementation="flash_attention_2"
)
input_text = "Write me a poem about Machine Learning."
input_ids = tokenizer(input_text, return_tensors="pt").to("cuda")
outputs = model.generate(**input_ids)

... (truncated)

Commits
  • a085774 Release: v4.38.1
  • 2f54e0b [Gemma] Fix eager attention (#29187)
  • 08ab54a [ gemma] Adds support for Gemma 💎 (#29167)
  • 2de9314 [Maskformer] safely get backbone config (#29166)
  • 476957b 🚨 Llama: update rope scaling to match static cache changes (#29143)
  • 7a4bec6 Release: 4.38.0
  • ee3af60 Add support for fine-tuning CLIP-like models using contrastive-image-text exa...
  • 0996a10 Revert low cpu mem tie weights (#29135)
  • 15cfe38 [Core tokenization] add_dummy_prefix_space option to help with latest is...
  • efdd436 FIX [PEFT / Trainer ] Handle better peft + quantized compiled models (#29...
  • Additional commits viewable in compare view

Updates urllib3 from 2.0.7 to 2.2.1

Release notes

Sourced from urllib3's releases.

2.2.1

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Fixed issue where InsecureRequestWarning was emitted for HTTPS connections when using Emscripten. (#3331)
  • Fixed HTTPConnectionPool.urlopen to stop automatically casting non-proxy headers to HTTPHeaderDict. This change was premature as it did not apply to proxy headers and HTTPHeaderDict does not handle byte header values correctly yet. (#3343)
  • Changed ProtocolError to InvalidChunkLength when response terminates before the chunk length is sent. (#2860)
  • Changed ProtocolError to be more verbose on incomplete reads with excess content. (#3261)

2.2.0

🖥️ urllib3 now works in the browser

🎉 This release adds experimental support for using urllib3 in the browser with Pyodide! 🎉

Thanks to Joe Marshall (@joemarshall) for contributing this feature. This change was possible thanks to work done in urllib3 v2.0 to detach our API from http.client. Please report all bugs to the urllib3 issue tracker.

Changes

  • Added support for Emscripten and Pyodide, including streaming support in cross-origin isolated browser environments where threading is enabled. (#2951)
  • Added support for HTTPResponse.read1() method. (#3186)
  • Added rudimentary support for HTTP/2. (#3284)
  • Fixed issue where requests against urls with trailing dots were failing due to SSL errors when using proxy. (#2244)
  • Fixed HTTPConnection.proxy_is_verified and HTTPSConnection.proxy_is_verified to be always set to a boolean after connecting to a proxy. It could be None in some cases previously....

    Description has been truncated

Bumps the pip group with 9 updates in the / directory:

| Package | From | To |
| --- | --- | --- |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.9.2` | `3.9.3` |
| [cryptography](https://github.com/pyca/cryptography) | `42.0.4` | `42.0.5` |
| [fonttools](https://github.com/fonttools/fonttools) | `4.43.0` | `4.49.0` |
| [gitpython](https://github.com/gitpython-developers/GitPython) | `3.1.35` | `3.1.41` |
| [langchain](https://github.com/langchain-ai/langchain) | `0.1.0` | `0.1.9` |
| [pyarrow](https://github.com/apache/arrow) | `14.0.1` | `15.0.0` |
| [streamlit](https://github.com/streamlit/streamlit) | `1.30.0` | `1.31.1` |
| [transformers](https://github.com/huggingface/transformers) | `4.36.0` | `4.38.1` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.0.7` | `2.2.1` |


Updates `aiohttp` from 3.9.2 to 3.9.3
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.9.2...v3.9.3)

Updates `cryptography` from 42.0.4 to 42.0.5
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@42.0.4...42.0.5)

Updates `fonttools` from 4.43.0 to 4.49.0
- [Release notes](https://github.com/fonttools/fonttools/releases)
- [Changelog](https://github.com/fonttools/fonttools/blob/main/NEWS.rst)
- [Commits](fonttools/fonttools@4.43.0...4.49.0)

Updates `gitpython` from 3.1.35 to 3.1.41
- [Release notes](https://github.com/gitpython-developers/GitPython/releases)
- [Changelog](https://github.com/gitpython-developers/GitPython/blob/main/CHANGES)
- [Commits](gitpython-developers/GitPython@3.1.35...3.1.41)

Updates `langchain` from 0.1.0 to 0.1.9
- [Release notes](https://github.com/langchain-ai/langchain/releases)
- [Commits](langchain-ai/langchain@v0.1.0...v0.1.9)

Updates `pyarrow` from 14.0.1 to 15.0.0
- [Commits](apache/arrow@go/v14.0.1...go/v15.0.0)

Updates `streamlit` from 1.30.0 to 1.31.1
- [Release notes](https://github.com/streamlit/streamlit/releases)
- [Commits](streamlit/streamlit@1.30.0...1.31.1)

Updates `transformers` from 4.36.0 to 4.38.1
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.36.0...v4.38.1)

Updates `urllib3` from 2.0.7 to 2.2.1
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.0.7...2.2.1)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: cryptography
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: fonttools
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: gitpython
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: langchain
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: pyarrow
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: streamlit
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: transformers
  dependency-type: direct:production
  dependency-group: pip-security-group
- dependency-name: urllib3
  dependency-type: direct:production
  dependency-group: pip-security-group
...

Signed-off-by: dependabot[bot] <support@github.com>

@dependabot dependabot bot added the "dependencies" label (Pull requests that update a dependency file) Feb 28, 2024