Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the dependabot group with 3 updates #168

Merged
merged 1 commit into from
Oct 16, 2023
Merged

Bump the dependabot group with 3 updates #168

merged 1 commit into from
Oct 16, 2023

Conversation

dependabot[bot]
Copy link
Contributor

@dependabot dependabot bot commented on behalf of github Oct 16, 2023

Bumps the dependabot group with 3 updates: numpy, pillow and pip.

Updates numpy from 1.24.3 to 1.26.1

Release notes

Sourced from numpy's releases.

v1.26.1

NumPy 1.26.1 Release Notes

NumPy 1.26.1 is a maintenance release that fixes bugs and regressions discovered after the 1.26.0 release. In addition, it adds new functionality for detecting BLAS and LAPACK when building from source. Highlights are:

  • Improved detection of BLAS and LAPACK libraries for meson builds
  • Pickle compatibility with the upcoming NumPy 2.0.

The 1.26.release series is the last planned minor release series before NumPy 2.0. The Python versions supported by this release are 3.9-3.12.

Build system changes

Improved BLAS/LAPACK detection and control

Auto-detection for a number of BLAS and LAPACK is now implemented for Meson. By default, the build system will try to detect MKL, Accelerate (on macOS >=13.3), OpenBLAS, FlexiBLAS, BLIS and reference BLAS/LAPACK. Support for MKL was significantly improved, and support for FlexiBLAS was added.

New command-line flags are available to further control the selection of the BLAS and LAPACK libraries to build against.

To select a specific library, use the config-settings interface via pip or pypa/build. E.g., to select libblas/liblapack, use:

$ pip install numpy -Csetup-args=-Dblas=blas -Csetup-args=-Dlapack=lapack
$ # OR
$ python -m build . -Csetup-args=-Dblas=blas -Csetup-args=-Dlapack=lapack

This works not only for the libraries named above, but for any library that Meson is able to detect with the given name through pkg-config or CMake.

Besides -Dblas and -Dlapack, a number of other new flags are available to control BLAS/LAPACK selection and behavior:

  • -Dblas-order and -Dlapack-order: a list of library names to search for in order, overriding the default search order.
  • -Duse-ilp64: if set to true, use ILP64 (64-bit integer) BLAS and LAPACK. Note that with this release, ILP64 support has been extended to include MKL and FlexiBLAS. OpenBLAS and Accelerate were supported in previous releases.
  • -Dallow-noblas: if set to true, allow NumPy to build with its internal (very slow) fallback routines instead of linking against an external BLAS/LAPACK library. *The default for this flag may be

... (truncated)

Commits
  • 411a55b Merge pull request #24928 from charris/update-version
  • aa91e5d REL: Update release versions
  • 6207a52 Merge pull request #24916 from charris/prepare-1.26.1-release
  • e27f774 MAINT: Revert cibuildwheel update
  • 48bdb17 REL: Prepare for the NumPy 1.26.1 release
  • f51d3ad Merge pull request #24912 from charris/backport-24904
  • 94e315d Merge pull request #24911 from charris/backport-24860
  • 114d086 Merge pull request #24906 from mtsokol/backport-_core-stubs
  • 54e6e65 BUG: loongarch doesn't use REAL(10)
  • cc5e90f MAINT: Bump pypa/cibuildwheel from 2.16.1 to 2.16.2
  • Additional commits viewable in compare view

Updates pillow from 10.0.1 to 10.1.0

Release notes

Sourced from pillow's releases.

10.1.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.1.0.html

Changes

Dependencies

Documentation

... (truncated)

Changelog

Sourced from pillow's changelog.

10.1.0 (2023-10-15)

  • Added TrueType default font to allow for different sizes #7354 [radarhere]

  • Fixed invalid argument warning #7442 [radarhere]

  • Added ImageOps cover method #7412 [radarhere, hugovk]

  • Catch struct.error from truncated EXIF when reading JPEG DPI #7458 [radarhere]

  • Consider default image when selecting mode for PNG save_all #7437 [radarhere]

  • Support BGR;15, BGR;16 and BGR;24 access, unpacking and putdata #7303 [radarhere]

  • Added CMYK to RGB unpacker #7310 [radarhere]

  • Improved flexibility of XMP parsing #7274 [radarhere]

  • Support reading 8-bit YCbCr TIFF images #7415 [radarhere]

  • Allow saving I;16B images as PNG #7302 [radarhere]

  • Corrected drawing I;16 points and writing I;16 text #7257 [radarhere]

  • Set blue channel to 128 for BC5S #7413 [radarhere]

  • Increase flexibility when reading IPTC fields #7319 [radarhere]

  • Set C palette to be empty by default #7289 [radarhere]

  • Added gs_binary to control Ghostscript use on all platforms #7392 [radarhere]

  • Read bounding box information from the trailer of EPS files if specified #7382 [nopperl, radarhere]

... (truncated)

Commits
  • da59ad0 10.1.0 version bump
  • d10f802 Merge pull request #7465 from radarhere/mode
  • f50c713 Move #7307 from "Backwards Incompatible Changes" to "API Changes"
  • a1ddb4d Describe how to populate mode and size
  • 4ace56d Update CHANGES.rst [ci skip]
  • 7bf1a87 Merge pull request #7354 from radarhere/load_default
  • e154e97 Merge pull request #7463 from radarhere/libimagequant
  • c759ef2 Updated libimagequant to 4.2.2
  • 3a40816 Update CHANGES.rst [ci skip]
  • c2d5088 Added documentation
  • Additional commits viewable in compare view

Updates pip from 23.2 to 23.3

Changelog

Sourced from pip's changelog.

23.3 (2023-10-15)

Process

  • Added reference to vulnerability reporting guidelines <https://www.python.org/dev/security/>_ to pip's security policy.

Deprecations and Removals

  • Drop a fallback to using SecureTransport on macOS. It was useful when pip detected OpenSSL older than 1.0.1, but the current pip does not support any Python version supporting such old OpenSSL versions. ([#12175](https://github.com/pypa/pip/issues/12175) <https://github.com/pypa/pip/issues/12175>_)

Features

  • Improve extras resolution for multiple constraints on same base package. ([#11924](https://github.com/pypa/pip/issues/11924) <https://github.com/pypa/pip/issues/11924>_)
  • Improve use of datastructures to make candidate selection 1.6x faster. ([#12204](https://github.com/pypa/pip/issues/12204) <https://github.com/pypa/pip/issues/12204>_)
  • Allow pip install --dry-run to use platform and ABI overriding options. ([#12215](https://github.com/pypa/pip/issues/12215) <https://github.com/pypa/pip/issues/12215>_)
  • Add is_yanked boolean entry to the installation report (--report) to indicate whether the requirement was yanked from the index, but was still selected by pip conform to :pep:592. ([#12224](https://github.com/pypa/pip/issues/12224) <https://github.com/pypa/pip/issues/12224>_)

Bug Fixes

  • Ignore errors in temporary directory cleanup (show a warning instead). ([#11394](https://github.com/pypa/pip/issues/11394) <https://github.com/pypa/pip/issues/11394>_)
  • Normalize extras according to :pep:685 from package metadata in the resolver for comparison. This ensures extras are correctly compared and merged as long as the package providing the extra(s) is built with values normalized according to the standard. Note, however, that this does not solve cases where the package itself contains unnormalized extra values in the metadata. ([#11649](https://github.com/pypa/pip/issues/11649) <https://github.com/pypa/pip/issues/11649>_)
  • Prevent downloading sdists twice when :pep:658 metadata is present. ([#11847](https://github.com/pypa/pip/issues/11847) <https://github.com/pypa/pip/issues/11847>_)
  • Include all requested extras in the install report (--report). ([#11924](https://github.com/pypa/pip/issues/11924) <https://github.com/pypa/pip/issues/11924>_)
  • Removed uses of datetime.datetime.utcnow from non-vendored code. ([#12005](https://github.com/pypa/pip/issues/12005) <https://github.com/pypa/pip/issues/12005>_)
  • Consistently report whether a dependency comes from an extra. ([#12095](https://github.com/pypa/pip/issues/12095) <https://github.com/pypa/pip/issues/12095>_)
  • Fix completion script for zsh ([#12166](https://github.com/pypa/pip/issues/12166) <https://github.com/pypa/pip/issues/12166>_)
  • Fix improper handling of the new onexc argument of shutil.rmtree() in Python 3.12. ([#12187](https://github.com/pypa/pip/issues/12187) <https://github.com/pypa/pip/issues/12187>_)
  • Filter out yanked links from the available versions error message: "(from versions: 1.0, 2.0, 3.0)" will not contain yanked versions conform PEP 592. The yanked versions (if any) will be mentioned in a separate error message. ([#12225](https://github.com/pypa/pip/issues/12225) <https://github.com/pypa/pip/issues/12225>_)
  • Fix crash when the git version number contains something else than digits and dots. ([#12280](https://github.com/pypa/pip/issues/12280) <https://github.com/pypa/pip/issues/12280>_)
  • Use -r=... instead of -r ... to specify references with Mercurial. ([#12306](https://github.com/pypa/pip/issues/12306) <https://github.com/pypa/pip/issues/12306>_)
  • Redact password from URLs in some additional places. ([#12350](https://github.com/pypa/pip/issues/12350) <https://github.com/pypa/pip/issues/12350>_)
  • pip uses less memory when caching large packages. As a result, there is a new on-disk cache format stored in a new directory ($PIP_CACHE_DIR/http-v2). ([#2984](https://github.com/pypa/pip/issues/2984) <https://github.com/pypa/pip/issues/2984>_)

Vendored Libraries

  • Upgrade certifi to 2023.7.22
  • Add truststore 0.8.0
  • Upgrade urllib3 to 1.26.17

Improved Documentation

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the dependabot group with 3 updates
249639d 
Bumps the dependabot group with 3 updates: [numpy](https://github.com/numpy/numpy), [pillow](https://github.com/python-pillow/Pillow) and [pip](https://github.com/pypa/pip).


Updates `numpy` from 1.24.3 to 1.26.1
- [Release notes](https://github.com/numpy/numpy/releases)
- [Changelog](https://github.com/numpy/numpy/blob/main/doc/RELEASE_WALKTHROUGH.rst)
- [Commits](numpy/numpy@v1.24.3...v1.26.1)

Updates `pillow` from 10.0.1 to 10.1.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@10.0.1...10.1.0)

Updates `pip` from 23.2 to 23.3
- [Changelog](https://github.com/pypa/pip/blob/main/NEWS.rst)
- [Commits](pypa/pip@23.2...23.3)

---
updated-dependencies:
- dependency-name: numpy
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependabot
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependabot
- dependency-name: pip
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: dependabot
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Oct 16, 2023
@jmichelp jmichelp merged commit e3a7774 into main Oct 16, 2023
10 checks passed
@dependabot dependabot bot deleted the dependabot/pip/dependabot-b011ec5d59 branch October 16, 2023 10:26
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jmichelp jmichelp jmichelp approved these changes

Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@jmichelp