Skip to content

build(deps): Bump the pip group across 1 directory with 9 updates #3

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
dependabot wants to merge 1 commit into
base: main
Choose a base branch
from
Open

build(deps): Bump the pip group across 1 directory with 9 updates #3

dependabot wants to merge 1 commit into from

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 21, 2025

Bumps the pip group with 9 updates in the /backend directory:

Package From To
flask 2.0.1 2.2.5
flask-cors 3.0.10 4.0.2
werkzeug 2.0.1 3.0.6
nltk 3.6.3 3.9.1
scikit-learn 0.24.2 1.5.1
transformers 4.26.0 4.48.0
tensorflow 2.12.0 2.12.1
torch 1.13.0 2.2.0
jinja2 3.0.1 3.1.6

Updates flask from 2.0.1 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

2.2.4

This is a fix release for the 2.2.x release branch.

2.2.3

This is a fix release for the 2.2.x release branch.

2.2.2

This is a fix release for the 2.2.0 feature release.

2.2.1

This is a fix release for the 2.2.0 feature release.

2.2.0

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

2.1.3

2.1.2

This is a fix release for the 2.1.0 feature release.

2.1.1

This is a fix release for the 2.1.0 feature release.

... (truncated)

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

  • Autoescape is enabled by default for .svg template files. :issue:4831
  • Fix the type of template_folder to accept pathlib.Path. :issue:4892
  • Add --debug option to the flask run command. :issue:4777

Version 2.2.2

Released 2022-08-08

  • Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754
  • Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

Version 2.2.1

Released 2022-08-03

  • Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

Version 2.2.0

... (truncated)

Commits

Updates flask-cors from 3.0.10 to 4.0.2

Release notes

Sourced from flask-cors's releases.

4.0.2

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@4.0.1...4.0.2

4.0.1

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@4.0.0...4.0.1

Release 4.0.0

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@3.1.01...v4.0.0

3.1.01

What's Changed

New Contributors

... (truncated)

Changelog

Sourced from flask-cors's changelog.

Change Log

4.0.1

Security

4.0.0

3.1.01

Commits

Updates werkzeug from 2.0.1 to 3.0.6

Release notes

Sourced from werkzeug's releases.

3.0.6

This is the Werkzeug 3.0.6 security fix release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.6/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-6

  • Fix how max_form_memory_size is applied when parsing large non-file fields. GHSA-q34m-jh98-gwm2
  • safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. GHSA-f9vj-2wh5-fj8j

3.0.5

This is the Werkzeug 3.0.5 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.5/ Changes: https://werkzeug.palletsprojects.com/en/stable/changes/#version-3-0-5 Milestone: https://github.com/pallets/werkzeug/milestone/37?closed=1

  • The Watchdog reloader ignores file closed no write events. #2945
  • Logging works with client addresses containing an IPv6 scope. #2952
  • Ignore invalid authorization parameters. #2955
  • Improve type annotation fore SharedDataMiddleware. #2958
  • Compatibility with Python 3.13 when generating debugger pin and the current UID does not have an associated name. #2957

3.0.4

This is the Werkzeug 3.0.4 fix release, which fixes bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.4/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-4 Milestone: https://github.com/pallets/werkzeug/milestone/36?closed=1

  • Restore behavior where parsing multipart/x-www-form-urlencoded data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. #2930
  • Improve parse_options_header performance when parsing unterminated quoted string values. #2904
  • Debugger pin auth is synchronized across threads/processes when tracking failed entries. #2916
  • Dev server handles unexpected SSLEOFError due to issue in Python < 3.13. #2926
  • Debugger pin auth works when the URL already contains a query string. #2918

3.0.3

This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.3/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1

  • Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985
  • Make reloader more robust when "" is in sys.path. #2823

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 3.0.6

Released 2024-10-25

  • Fix how max_form_memory_size is applied when parsing large non-file fields. :ghsa:q34m-jh98-gwm2
  • safe_join catches certain paths on Windows that were not caught by ntpath.isabs on Python < 3.11. :ghsa:f9vj-2wh5-fj8j

Version 3.0.5

Released 2024-10-24

  • The Watchdog reloader ignores file closed no write events. :issue:2945
  • Logging works with client addresses containing an IPv6 scope :issue:2952
  • Ignore invalid authorization parameters. :issue:2955
  • Improve type annotation fore SharedDataMiddleware. :issue:2958
  • Compatibility with Python 3.13 when generating debugger pin and the current UID does not have an associated name. :issue:2957

Version 3.0.4

Released 2024-08-21

  • Restore behavior where parsing multipart/x-www-form-urlencoded data with invalid UTF-8 bytes in the body results in no form data parsed rather than a 413 error. :issue:2930
  • Improve parse_options_header performance when parsing unterminated quoted string values. :issue:2904
  • Debugger pin auth is synchronized across threads/processes when tracking failed entries. :issue:2916
  • Dev server handles unexpected SSLEOFError due to issue in Python < 3.13. :issue:2926
  • Debugger pin auth works when the URL already contains a query string. :issue:2918

Version 3.0.3

Released 2024-05-05

  • Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger

... (truncated)

Commits

Updates nltk from 3.6.3 to 3.9.1

Changelog

Sourced from nltk's changelog.

Version 3.9.2 2025-03-10

  • Minor fixes including:
  • properly initialize Portuguese corpus reader
  • support for mixed rules conversion into Chomsky Normal Form
  • only import tkinter if a GUI is needed
  • issue #2112 with Corenlp
  • new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
  • Lesk defaults to most frequent sense in case of ties

Thanks to the following contributions to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq

Version 3.9.1 2024-08-19

  • Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

  • Fix security vulnerability CVE-2024-39705 (breaking change)
  • Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
  • No longer sort Wordnet synsets and relations (sort in calling function when required)
  • Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
  • Add Python 3.12 support
  • Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

  • Resolve RCE vulnerability in localhost WordNet Browser (#3100)
  • Remove unused tool scripts (#3099)
  • Resolve XSS vulnerability in localhost WordNet Browser (#3096)
  • Add Python 3.11 support (#3090)

Thanks to the following contributors to 3.8.1: Francis Bond, John Vandenberg, Tom Aarsen

Version 3.8 2022-12-12

  • Refactor dispersion plot (#3082)
  • Provide type hints for LazyCorpusLoader variables (#3081)
  • Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080)
  • Fix WordNet's all_synsets() function (#3078)
  • Resolve TreebankWordDetokenizer inconsistency with end-of-string contractions (#3070)
  • Support both iso639-3 codes and BCP-47 language tags (#3060)
  • Avoid DeprecationWarning in Regexp tokenizer (#3055)
  • Fix many doctests, add doctests to CI (#3054, #3050, #3048)
  • Fix bool field not being read in VerbNet (#3044)

... (truncated)

Commits

Updates scikit-learn from 0.24.2 to 1.5.1

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.5.1

We're happy to announce the 1.5.1 release.

This release contains fixes for a few regressions introduced in 1.5.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.5.html#version-1-5-1

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Thanks to everyone who contributed to this release !

Scikit-learn 1.5.0

We're happy to announce the 1.5.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.5.html

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Scikit-learn 1.4.2

We're happy to announce the 1.4.2 release.

This release only includes support for numpy 2.

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

</tr></table>

... (truncated)

Commits
  • 70fdc84 Bump version [cd build]
  • b0ec847 DOC Add missing PR number in changelog entry (#29384)
  • 8179b8f DOC Set 1.5.1 release month (#29377)
  • 851c0d6 FIX: accuracy and zero_loss support for multilabel with Array API (#29336)
  • 99d8a32 FIX zero_one_loss breaks with multilabel and Array API (#29269)
  • 059070b ENH Add Array API compatibility to cosine_similarity (#29014)
  • ada571f Fix a regression in GridSearchCV for parameter grids that have arrays of diff...
  • fb26476 🔒 🤖 CI Update lock files for cirrus-arm CI build(s) 🔒 🤖...
  • 5a74cc0 Fix performance regression in ColumnTransformer (#29330)
  • c3d69b2 MAINT Pin the ruff version on CI linters (#29359)
  • Additional commits viewable in compare view

Updates transformers from 4.26.0 to 4.48.0

Release notes

Sourced from transformers's releases.

v4.48.0: ModernBERT, Aria, TimmWrapper, ColPali, Falcon3, Bamba, VitPose, DinoV2 w/ Registers, Emu3, Cohere v2, TextNet, DiffLlama, PixtralLarge, Moonshine

New models

ModernBERT

The ModernBert model was proposed in Smarter, Better, Faster, Longer: A Modern Bidirectional Encoder for Fast, Memory Efficient, and Long Context Finetuning and Inference by Benjamin Warner, Antoine Chaffin, Benjamin Clavié, Orion Weller, Oskar Hallström, Said Taghadouini, Alexis Galalgher, Raja Bisas, Faisal Ladhak, Tom Aarsen, Nathan Cooper, Grifin Adams, Jeremy Howard and Iacopo Poli.

It is a refresh of the traditional encoder architecture, as used in previous models such as BERT and RoBERTa.

It builds on BERT and implements many modern architectural improvements which have been developed since its original release, such as:

  • Rotary Positional Embeddings to support sequences of up to 8192 tokens.
  • Unpadding to ensure no compute is wasted on padding tokens, speeding up processing time for batches with mixed-length sequences.
  • GeGLU Replacing the original MLP layers with GeGLU layers, shown to improve performance.
  • Alternating Attention where most attention layers employ a sliding window of 128 tokens, with Global Attention only used every 3 layers.
  • Flash Attention to speed up processing.
  • A model designed following recent The Case for Co-Designing Model Architectures with Hardware, ensuring maximum efficiency across inference GPUs.
  • Modern training data scales (2 trillion tokens) and mixtures (including code ande math data)

image

Aria

The Aria model was proposed in Aria: An Open Multimodal Native Mixture-of-Experts Model by Li et al. from the Rhymes.AI team.

Aria is an open multimodal-native model with best-in-class performance across a wide range of multimodal, language, and coding tasks. It has a Mixture-of-Experts architecture, with respectively 3.9B and 3.5B activated parameters per visual token and text token.

TimmWrapper

We add a TimmWrapper set of classes such that timm models can be loaded in as transformer models into the library.

Here's a general usage example:

import torch
from urllib.request import urlopen
from PIL import Image
from transformers import AutoConfig, AutoModelForImageClassification, AutoImageProcessor
checkpoint = "timm/resnet50.a1_in1k"
img = Image.open(urlopen(
'https://huggingface.co/datasets/huggingface/documentation-images/resolve/main/beignets-task-guide.png'
))
image_processor = AutoImageProcessor.from_pretrained(checkpoint)
</tr></table>

... (truncated)

Commits

Updates tensorflow from 2.12.0 to 2.12.1

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.12.1

Release 2.12.1

Bug Fixes and Other Changes

  • The use of the ambe config to build and test aarch64 is not needed. The ambe config will be removed in the future. Making cpu_arm64_pip.sh and cpu_arm64_nonpip.sh more similar for easier future maintenance.
Changelog

Sourced from tensorflow's changelog.

Release 2.12.1

Bug Fixes and Other Changes

  • The use of the ambe config to build and test aarch64 is not needed. The ambe config will be removed in the future. Making cpu_arm64_pip.sh and cpu_arm64_nonpip.sh more similar for easier future maintenance.
Commits
  • 8e2b665 Merge pull request #61094 from tensorflow/venkat-patch-444
  • 02478f0 Fix unit test failure caused by numpy update
  • 2cd9b41 Merge pull request #61082 from tensorflow/venkat-patch-333
  • 7995c95 Updating Simplified retry logic to DNS cache
  • 29479ed Merge pull request #60872 from tensorflow/r2.12-c45a6c0b1cb
  • e76a933 Simplified retry logic to DNS cache
  • 76addf7 Merge pull request #60850 from elfringham/non_pip_fix
  • 05987a8 [Linaro:ARM_CI] Fix permissions for running nonpip tests
  • 23724d2 Merge pull request #60842 from elfringham/r2.12
  • 496730b Limit typing_extensions to less than 4.6.0 until it works
  • Additional commits viewable in compare view

Updates torch from 1.13.0 to 2.2.0

Release notes

Sourced from torch's releases.

PyTorch 2.2: FlashAttention-v2, AOTInductor

PyTorch 2.2 Release Notes

  • Highlights
  • Backwards Incompatible Changes
  • Deprecations
  • New Features
  • Improvements
  • Bug fixes
  • Performance
  • Documentation

Highlights

We are excited to announce the release of PyTorch® 2.2! PyTorch 2.2 offers ~2x performance improvements to scaled_dot_product_attention via FlashAttention-v2 integration, as well as AOTInductor, a new ahead-of-time compilation and deployment tool built for non-python server-side deployments.

This release also includes improved torch.compile support for Optimizers, a number of new inductor optimizations, and a new logging mechanism called TORCH_LOGS.

Please note that we are deprecating macOS x86 support, and PyTorch 2.2.x will be the last version that supports macOS x64.

Along with 2.2, we are also releasing a series of updates to the PyTorch domain libraries. More details can be found in the library updates blog.

This release is composed of 3,628 commits and 521 contributors since PyTorch 2.1. We want to sincerely thank our dedicated community for your contributions. As always, we encourage you to try these out and report any issues as we improve 2.2. More information about how to get started with the PyTorch 2-series can be found at our Getting Started page.

Summary:

  • scaled_dot_product_attention (SDPA) now supports FlashAttention-2, yielding around 2x speedups compared to previous versions.
  • PyTorch 2.2 introduces a new ahead-of-time extension of TorchInductor called AOTInductor, designed to compile and deploy PyTorch programs for non-python server-side.
  • torch.distributed supports a new abstraction for initializing and representing ProcessGroups called device_mesh.
  • PyTorch 2.2 ships a standardized, configurable logging mechanism called TORCH_LOGS.
  • A number of torch.compile improvements are included in PyTorch 2.2, including improved support for compiling Optimizers and improved TorchInductor fusion and layout optimizations.
  • Please note that we are deprecating macOS x86 support, and PyTorch 2.2.x will be the last version that supports macOS x64.
  • torch.ao.quantization now offers a prototype torch.export based flow

... (truncated)

Commits

Updates jinja2 from 3.0.1 to 3.1.6

Release notes

Sourced from jinja2's releases.

3.1.6

This is the Jinja 3.1.6 security release, which fixes security issues but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.6/ Changes: https://jinja.palletsprojects.com/en/stable/changes/#version-3-1-6

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. GHSA-cpwx-vrp4-4pq7

3.1.5

This is the Jinja 3.1.5 security fix release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Jinja2/3.1.5/ Changes: https://jinja.palletsprojects.com/changes/#version-3-1-5 Milestone: https://github.com/pallets/jinja/milestone/16?closed=1

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. GHSA-q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. #1792, GHSA-gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. #2032
  • Calling sync render for an async template uses asyncio.run. #1952
  • Avoid unclosed auto_aiter warnings. #1960
  • Return an aclose-able AsyncGenerator from Template.generate_async. #1960
  • Avoid leaving root_render_func() unclosed in Template.generate_async. #1960
  • Avoid leaving async generators unclosed in blocks, includes and extends. #1960
  • The runtime uses the correct concat function for the current environment when calling block references. #1701
  • Make |unique async-aware, allowing it to be used after another async-aware filter. #1781
  • |int filter handles OverflowError from scientific notation. #1921
  • Make compiling deterministic for tuple unpacking in a {% set ... %} call. #2021
  • Fix dunder protocol (copy/pickle/etc) interaction with Undefined objects. #2025
  • Fix copy/pickle support for the internal missing object. #2027
  • Environment.overlay(enable_async) is applied correctly. #2061
  • The error message from FileSystemLoader includes the paths that were searched. #1661
  • PackageLoader shows a clearer error message when the package does not contain the templates directory. #1705
  • Improve annotations for methods returning copies. #1880
  • urlize does not add mailto: to values like @a@b. #1870
  • Tests decorated with @pass_context can be used with the |select filter. #1624
  • Using set for multiple assignment (a, b = 1, 2) does not fail when the target is a namespace attribute. #1413
  • Using set in all branches of {% if %}{% elif %}{% else %} blocks does not cause the variable to be considered initially undefined. #1253

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

  • The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

  • Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.

... (truncated)

Changelog

Sourced from jinja2's changelog.

Version 3.1.6

Released 2025-03-05

  • The |attr filter does not bypass the environment's attribute lookup, allowing the sandbox to apply its checks. :ghsa:cpwx-vrp4-4pq7

Version 3.1.5

Released 2024-12-21

  • The sandboxed environment handles indirect calls to str.format, such as by passing a stored reference to a filter that calls its argument. :ghsa:q2x7-8rv6-6q7h
  • Escape template name before formatting it into error messages, to avoid issues with names that contain f-string syntax. :issue:1792, :ghsa:gmj6-6f8f-6699
  • Sandbox does not allow clear and pop on known mutable sequence types. :issue:Description has been truncated

@dependabot
build(deps): Bump the pip group across 1 directory with 9 updates
22cbe82 
Bumps the pip group with 9 updates in the /backend directory:

| Package | From | To |
| --- | --- | --- |
| [flask](https://github.com/pallets/flask) | `2.0.1` | `2.2.5` |
| [flask-cors](https://github.com/corydolphin/flask-cors) | `3.0.10` | `4.0.2` |
| [werkzeug](https://github.com/pallets/werkzeug) | `2.0.1` | `3.0.6` |
| [nltk](https://github.com/nltk/nltk) | `3.6.3` | `3.9.1` |
| [scikit-learn](https://github.com/scikit-learn/scikit-learn) | `0.24.2` | `1.5.1` |
| [transformers](https://github.com/huggingface/transformers) | `4.26.0` | `4.48.0` |
| [tensorflow](https://github.com/tensorflow/tensorflow) | `2.12.0` | `2.12.1` |
| [torch](https://github.com/pytorch/pytorch) | `1.13.0` | `2.2.0` |
| [jinja2](https://github.com/pallets/jinja) | `3.0.1` | `3.1.6` |



Updates `flask` from 2.0.1 to 2.2.5
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@2.0.1...2.2.5)

Updates `flask-cors` from 3.0.10 to 4.0.2
- [Release notes](https://github.com/corydolphin/flask-cors/releases)
- [Changelog](https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md)
- [Commits](corydolphin/flask-cors@3.0.10...4.0.2)

Updates `werkzeug` from 2.0.1 to 3.0.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@2.0.1...3.0.6)

Updates `nltk` from 3.6.3 to 3.9.1
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.6.3...3.9.1)

Updates `scikit-learn` from 0.24.2 to 1.5.1
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@0.24.2...1.5.1)

Updates `transformers` from 4.26.0 to 4.48.0
- [Release notes](https://github.com/huggingface/transformers/releases)
- [Commits](huggingface/transformers@v4.26.0...v4.48.0)

Updates `tensorflow` from 2.12.0 to 2.12.1
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](tensorflow/tensorflow@v2.12.0...v2.12.1)

Updates `torch` from 1.13.0 to 2.2.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v1.13.0...v2.2.0)

Updates `jinja2` from 3.0.1 to 3.1.6
- [Release notes](https://github.com/pallets/jinja/releases)
- [Changelog](https://github.com/pallets/jinja/blob/main/CHANGES.rst)
- [Commits](pallets/jinja@3.0.1...3.1.6)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask-cors
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: nltk
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: transformers
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tensorflow
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: torch
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: jinja2
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 21, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant