Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Tech] Bump the pip group in /datascience with 7 updates #1984

Closed
wants to merge 1 commit into from
Closed

[Tech] Bump the pip group in /datascience with 7 updates #1984

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Jan 13, 2025

Bumps the pip group in /datascience with 7 updates:

Package From To
certifi 2024.2.2 2024.7.4
fiona 1.9.6 1.10.0
jinja2 3.1.4 3.1.5
tornado 6.4 6.4.2
urllib3 2.2.1 2.2.2
virtualenv 20.26.2 20.26.6
zipp 3.19.0 3.19.1

Updates certifi from 2024.2.2 to 2024.7.4

Commits

Updates fiona from 1.9.6 to 1.10.0

Release notes

Sourced from fiona's releases.

1.10.0

This is 1.10.0. At last! The project has added 25 new contributors since 1.9.0, for a total of 73.

Fiona 1.10 will continue to support classic GIS programming work with a record-style data model. Rows, that is, not columns.

The changes since 1.9.6 are fully described in the changelog, split across pre-releases. Here is a high-level summary.

Deprecations

  • Python-style filter expressions for CLI commands are being replaced by Lisp-like expressions.
  • Some constants in the fiona.schema module will be removed in a future version.
  • The fiona.path module will be removed in a future version. This, and the previously mentioned constants, were not meant to be used by projects downstream.

New features

  • Python openers can connect filesystems implemented in Python, like fsspec or tiledb.vfs, to GDAL's own virtual filesystem machinery. In most cases, you should reply on GDAL's built-in virtual filesystem handlers. On the other hand, if you have unique or proprietary data access protocols, then fiona's new openers may be useful.
  • Fiona's CLI has three new commands, filter (strictly speaking, a new mode of this command), map, and reduce. These provide some great features for Unix-style data processing pipelines and are designed to work well with jq and programs of that nature.

Other changes

This version is heavily refactored. If it's not paying off for you, let us know!

PyPI wheels

The binary wheels on PyPI include GDAL 3.9.2 (3.9.1 for Windows), GEOS 3.11.2, and PROJ 9.4.1.

GDAL and Python versions

Fiona 1.10.0 requires GDAL 3.4 and Python 3.8 or newer.

1.10.0rc1

This is the first release candidate for 1.10.0.

Changes

  • Mutable item access to Feature, Geometry, and Properties instances has been restored (reported in #1430). This usage should be avoided as instances of these classes will be immutable in a future version.
  • The setup.cfg duplicates project configuration in pyproject.toml and has been removed.

Packaging

  • PyPI wheels include GDAL 3.9.2.

Please see the CHANGES file for a more detailed enumeration of changes since version 1.10b1. Unless showstopper bugs are found in this release, expect a final 1.10.0 release in two weeks.

1.10b3

Bug fixes

  • The sketchy, semi-private Python opener interfaces of version 1.10b2 have been replaced by ABCs that are exported from fiona.abc (#1415). How to implement the interfaces and provide a custom opener is documented in test_pyopener.py and will be included in the documentation for version 1.10.0.
  • The truncate GDAL VSI plugin callback has been implemented (#1413).

... (truncated)

Changelog

Sourced from fiona's changelog.

1.10.0 (2024-09-03)

The package version, credits, and citation file have been updated. There have been no other changes since 1.10.0rc1. Fiona is the work of 73 contributors, including 25 new contributors since 1.9.0.

1.10.0rc1 (2024-08-21)

This is the first release candidate for 1.10.0.

Changes:

  • Mutable item access to Feature, Geometry, and Properties instances has been restored (reported in #1430). This usage should be avoided as instances of these classes will be immutable in a future version.
  • The setup.cfg duplicates project configuration in pyproject.toml and has been removed.

1.10b3 (2024-07-29)

Bug fixes:

  • The sketchy, semi-private Python opener interfaces of version 1.10b2 have been replaced by ABCs that are exported from fiona.abc (#1415).
  • The truncate VSI plugin callback has been implemented (#1413).

1.10b2 (2024-07-10)

Bug fixes:

  • The Pyopener registry and VSI plugin have been rewritten to avoid filename conflicts and to be compatible with multithreading. Now, a new plugin handler is registered for each instance of using an opener (#1408). Before GDAL 3.9.0 plugin handlers cannot not be removed and so it may be observed that the size of the Pyopener registry grows during the execution of a program.
  • A CSLConstList ctypedef has been added and is used where appropriate (#1404).
  • Fiona model objects have a informative, printable representation again (#1380).

Packaging:

  • PyPI wheels include GDAL 3.9.1 and curl 8.8.0.

1.10b1 (2024-04-16)

... (truncated)

Commits

Updates jinja2 from 3.1.4 to 3.1.5

Release notes

Sourced from jinja2's releases.

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. #2032
  • Calling sync render for an async template uses asyncio.run. #1952
  • Avoid unclosed auto_aiter warnings. #1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. #1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. #1960
  • The runtime uses the correct concat function for the current environment when calling block references. #1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
  • |int filter handles OverflowError from scientific notation. #1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
  • Fix copy/pickle support for the internal missing object. #2027
  • Environment.overlay(enable_async) is applied correctly. #2061
  • The error message from FileSystemLoader includes the paths that were searched. #1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
  • Improve annotations for methods returning copies. #1880
  • urlize does not add mailto: to values like @a@b. #1870
  • Tests decorated with @pass_context can be used with the |select filter. #1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253
Changelog

Sourced from jinja2's changelog.

Version 3.1.5

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. :issue:2032
  • Calling sync render for an async template uses asyncio.run. :pr:1952
  • Avoid unclosed auto_aiter warnings. :pr:1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. :pr:1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. :pr:1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. :pr:1960
  • The runtime uses the correct concat function for the current environment when calling block references. :issue:1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. :issue:1781
  • |int filter handles OverflowError from scientific notation. :issue:1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. :issue:2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. :issue:2025
  • Fix copy/pickle support for the internal missing object. :issue:2027
  • Environment.overlay(enable_async) is applied correctly. :pr:2061
  • The error message from FileSystemLoader includes the paths that were searched. :issue:1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. :issue:1705
  • Improve annotations for methods returning copies. :pr:1880
  • urlize does not add mailto: to values like @a@b. :pr:1870
  • Tests decorated with @pass_context`` can be used with the ``|select`` filter. :issue:1624`
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. :issue:1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. :issue:1253
Commits
  • 877f6e5 release version 3.1.5
  • 8d58859 remove test pypi
  • eda8fe8 update dev dependencies
  • c8fdce1 Fix bug involving calling set on a template parameter within all branches of ...
  • 66587ce Fix bug where set would sometimes fail within if
  • fbc3a69 Add support for namespaces in tuple parsing (#1664)
  • b8f4831 more comments about nsref assignment
  • ee83219 Add support for namespaces in tuple assignment
  • 1d55cdd Triple quotes in docs (#2064)
  • 8a8eafc edit block assignment section
  • Additional commits viewable in compare view

Updates tornado from 6.4 to 6.4.2

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1 releases/v3.1.0 releases/v3.0.2 releases/v3.0.1 releases/v3.0.0 releases/v2.4.1 releases/v2.4.0

... (truncated)

Commits
  • a5ecfab Bump version to 6.4.2
  • bc7df6b Fix tests with Twisted 24.7.0
  • d5ba4a1 httputil: Fix quadratic performance of cookie parsing
  • 2a0e1d1 Merge pull request #3388 from bdarnell/release-641
  • b7af4e8 Release notes and version bump for version 6.4.1
  • d65f6e7 Merge pull request #3387 from bdarnell/chunked-parsing
  • 8d721a8 httputil: Only strip tabs and spaces from header values
  • 7786f09 Merge pull request #3386 from bdarnell/curl-crlf
  • fb119c7 http1connection: Stricter handling of transfer-encoding
  • b0ffc58 curl_httpclient,http1connection: Prohibit CR and LF in headers
  • Additional commits viewable in compare view

Updates urllib3 from 2.2.1 to 2.2.2

Release notes

Sourced from urllib3's releases.

2.2.2

🚀 urllib3 is fundraising for HTTP/2 support

urllib3 is raising ~$40,000 USD to release HTTP/2 support and ensure long-term sustainable maintenance of the project after a sharp decline in financial support for 2023. If your company or organization uses Python and would benefit from HTTP/2 support in Requests, pip, cloud SDKs, and thousands of other projects please consider contributing financially to ensure HTTP/2 support is developed sustainably and maintained for the long-haul.

Thank you for your support.

Changes

  • Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
  • Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. (#3122)
  • Fixed return types representing copying actions to use typing.Self. (#3363)

Full Changelog: urllib3/urllib3@2.2.1...2.2.2

Changelog

Sourced from urllib3's changelog.

2.2.2 (2024-06-17)

  • Added the Proxy-Authorization header to the list of headers to strip from requests when redirecting to a different host. As before, different headers can be set via Retry.remove_headers_on_redirect.
  • Allowed passing negative integers as amt to read methods of http.client.HTTPResponse as an alternative to None. ([#3122](https://github.com/urllib3/urllib3/issues/3122) <https://github.com/urllib3/urllib3/issues/3122>__)
  • Fixed return types representing copying actions to use typing.Self. ([#3363](https://github.com/urllib3/urllib3/issues/3363) <https://github.com/urllib3/urllib3/issues/3363>__)
Commits

Updates virtualenv from 20.26.2 to 20.26.6

Release notes

Sourced from virtualenv's releases.

20.26.6

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.26.5...20.26.6

20.26.5

What's Changed

Full Changelog: pypa/virtualenv@20.26.4...20.26.5

20.26.4

What's Changed

New Contributors

Full Changelog: pypa/virtualenv@20.26.3...20.26.4

20.26.3

What's Changed

Full Changelog: pypa/virtualenv@20.26.2...20.26.3

Changelog

Sourced from virtualenv's changelog.

v20.26.6 (2024-09-27)

Bugfixes - 20.26.6

- Properly quote string placeholders in activation script templates to mitigate
  potential command injection - by :user:`y5c4l3`. (:issue:`2768`)

v20.26.5 (2024-09-17)


Bugfixes - 20.26.5

  • Upgrade embedded wheels: setuptools to 75.1.0 from 74.1.2 - by :user:gaborbernat. (:issue:2765)

v20.26.4 (2024-09-07)

Bugfixes - 20.26.4

- no longer create `()` output in console during activation of a virtualenv by .bat file. (:issue:`2728`)
- Upgrade embedded wheels:

    

  • wheel to 0.44.0 from 0.43.0
    • 

  • pip to 24.2 from 24.1
    • 

  • setuptools to 74.1.2 from 70.1.0 (:issue:2760)
    • 



v20.26.3 (2024-06-21)


Bugfixes - 20.26.3

  • Upgrade embedded wheels:

    • setuptools to 70.1.0 from 69.5.1
    • pip to 24.1 from 24.0 (:issue:2741)
Commits

Updates zipp from 3.19.0 to 3.19.1

Changelog

Sourced from zipp's changelog.

v3.19.1

Bugfixes

  • Improved handling of malformed zip files. (#119)
Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
[Tech] Bump the pip group in /datascience with 7 updates
a183613 
Bumps the pip group in /datascience with 7 updates:

| Package | From | To |
| --- | --- | --- |
| [certifi](https://github.com/certifi/python-certifi) | `2024.2.2` | `2024.7.4` |
| [fiona](https://github.com/Toblerity/Fiona) | `1.9.6` | `1.10.0` |
| [jinja2](https://github.com/pallets/jinja) | `3.1.4` | `3.1.5` |
| [tornado](https://github.com/tornadoweb/tornado) | `6.4` | `6.4.2` |
| [urllib3](https://github.com/urllib3/urllib3) | `2.2.1` | `2.2.2` |
| [virtualenv](https://github.com/pypa/virtualenv) | `20.26.2` | `20.26.6` |
| [zipp](https://github.com/jaraco/zipp) | `3.19.0` | `3.19.1` |


Updates `certifi` from 2024.2.2 to 2024.7.4
- [Commits](certifi/python-certifi@2024.02.02...2024.07.04)

Updates `fiona` from 1.9.6 to 1.10.0
- [Release notes](https://github.com/Toblerity/Fiona/releases)
- [Changelog](https://github.com/Toblerity/Fiona/blob/main/CHANGES.txt)
- [Commits](Toblerity/Fiona@1.9.6...1.10.0)

Updates `jinja2` from 3.1.4 to 3.1.5
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.1.4...3.1.5)

Updates `tornado` from 6.4 to 6.4.2
- [Changelog](https://github.com/tornadoweb/tornado/blob/v6.4.2/docs/releases.rst)
- [Commits](tornadoweb/tornado@v6.4.0...v6.4.2)

Updates `urllib3` from 2.2.1 to 2.2.2
- [Release notes](https://github.com/urllib3/urllib3/releases)
- [Changelog](https://github.com/urllib3/urllib3/blob/main/CHANGES.rst)
- [Commits](urllib3/urllib3@2.2.1...2.2.2)

Updates `virtualenv` from 20.26.2 to 20.26.6
- [Release notes](https://github.com/pypa/virtualenv/releases)
- [Changelog](https://github.com/pypa/virtualenv/blob/main/docs/changelog.rst)
- [Commits](pypa/virtualenv@20.26.2...20.26.6)

Updates `zipp` from 3.19.0 to 3.19.1
- [Release notes](https://github.com/jaraco/zipp/releases)
- [Changelog](https://github.com/jaraco/zipp/blob/main/NEWS.rst)
- [Commits](jaraco/zipp@v3.19.0...v3.19.1)

---
updated-dependencies:
- dependency-name: certifi
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: fiona
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tornado
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: urllib3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: virtualenv
  dependency-type: direct:development
  dependency-group: pip
- dependency-name: zipp
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies tech. enhancement technical enhancement labels Jan 13, 2025
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@claire2212 claire2212 closed this Jan 14, 2025
@dependabot Dependabot
Copy link
Contributor Author

dependabot bot commented on behalf of github Jan 14, 2025

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/pip/datascience/pip-81b6b592c2 branch January 14, 2025 09:24
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@VincentAntoine VincentAntoine

Labels
dependencies tech. enhancement technical enhancement
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@claire2212 @VincentAntoine