Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 2 directories with 4 updates #133

Closed
wants to merge 1 commit into from
Closed

Bump the pip group across 2 directories with 4 updates #133

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 4, 2024
edited
Loading

Bumps the pip group with 4 updates in the / directory: flask, flask-cors, mlflow and werkzeug.
Bumps the pip group with 4 updates in the /aioradio directory: flask, flask-cors, mlflow and werkzeug.

Updates flask from 2.1.2 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

2.2.4

This is a fix release for the 2.2.x release branch.

2.2.3

This is a fix release for the 2.2.x release branch.

2.2.2

This is a fix release for the 2.2.0 feature release.

2.2.1

This is a fix release for the 2.2.0 feature release.

2.2.0

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

2.1.3

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

  • Autoescape is enabled by default for .svg template files. :issue:4831
  • Fix the type of template_folder to accept pathlib.Path. :issue:4892
  • Add --debug option to the flask run command. :issue:4777

Version 2.2.2

Released 2022-08-08

  • Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754
  • Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

Version 2.2.1

Released 2022-08-03

  • Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

Version 2.2.0

... (truncated)

Commits

Updates flask-cors from 3.0.10 to 4.0.1

Release notes

Sourced from flask-cors's releases.

4.0.1

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@4.0.0...4.0.1

Release 4.0.0

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@3.1.01...v4.0.0

3.1.01

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@3.0.10...3.1.01

Changelog

Sourced from flask-cors's changelog.

4.0.1

Security

4.0.0

3.1.01

Commits

Updates mlflow from 2.10.2 to 2.12.1

Release notes

Sourced from mlflow's releases.

MLflow 2.12.1 includes several major features and improvements

With this release, we're pleased to introduce several major new features that are focused on enhanced GenAI support, Deep Learning workflows involving images, expanded table logging functionality, and general usability enhancements within the UI and external integrations.

Major Features and Improvements:

  • PromptFlow: Introducing the new PromptFlow flavor, designed to enrich the GenAI landscape within MLflow. This feature simplifies the creation and management of dynamic prompts, enhancing user interaction with AI models and streamlining prompt engineering processes. (#11311, #11385 @​brynn-code)

  • Enhanced Metadata Sharing for Unity Catalog: MLflow now supports the ability to share metadata (and not model weights) within Databricks Unity Catalog. When logging a model, this functionality enables the automatic duplication of metadata into a dedicated subdirectory, distinct from the model’s actual storage location, allowing for different sharing permissions and access control limits. (#11357, #11720 @​WeichenXu123)

  • Code Paths Unification and Standardization: We have unified and standardized the code_paths parameter across all MLflow flavors to ensure a cohesive and streamlined user experience. This change promotes consistency and reduces complexity in the model deployment lifecycle. (#11688, @​BenWilson2)

  • ChatOpenAI and AzureChatOpenAI Support: Support for the ChatOpenAI and AzureChatOpenAI interfaces has been integrated into the LangChain flavor, facilitating seamless deployment of conversational AI models. This development opens new doors for building sophisticated and responsive chat applications leveraging cutting-edge language models. (#11644, @​B-Step62)

  • Custom Models in Sentence-Transformers: The sentence-transformers flavor now supports custom models, allowing for a greater flexibility in deploying tailored NLP solutions. (#11635, @​B-Step62)

  • Native MLflow Image support in the log_image API: Added support for optimized image logging, including step-based iterative logging for images generated as part of a training run. This feature enables the ability to track your image generation, classification, segmentation, enhancement and object detection deep learning models effortlessly. (#11243, #11404, @​jessechancy)

  • Image Support for Log Table: With the addition of image support in log_table, MLflow enhances its capabilities in handling rich media. This functionality allows for direct logging and visualization of images within the platform, improving the interpretability and analysis of visual data. (#11535, @​jessechancy)

  • Streaming Support for LangChain: The newly introduced predict_stream API for LangChain models supports streaming outputs, enabling real-time output for chain invocation via pyfunc. This feature is pivotal for applications requiring continuous data processing and instant feedback. (#11490, #11580 @​WeichenXu123)

Security Fixes:

  • Security Patch: Addressed a critical Local File Read/Path Traversal vulnerability within the Model Registry, ensuring robust protection against unauthorized access and securing user data integrity. (#11376, @​WeichenXu123)

Features:

  • [Models] Add the PromptFlow flavor (#11311, #11385 @​brynn-code)
  • [Models] Add a new predict_stream API for streamable output for Langchain models and the DatabricksDeploymentClient (#11490, #11580 @​WeichenXu123)
  • [Models] Deprecate and add code_paths alias for code_path in pyfunc to be standardized to other flavor implementations (#11688, @​BenWilson2)
  • [Models] Add support for custom models within the sentence-transformers flavor (#11635, @​B-Step62)
  • [Models] Enable Spark MapType support within model signatures when used with Spark udf inference (#11265, @​WeichenXu123)
  • [Models] Add support for metadata-only sharing within Unity Catalog through the use of a subdirectory (#11357, #11720 @​WeichenXu123)
  • [Models] Add Support for the ChatOpenAI and AzureChatOpenAI LLM interfaces within the LangChain flavor (#11644, @​B-Step62)
  • [Artifacts] Add support for utilizing presigned URLs when uploading and downloading files when using Unity Catalog (#11534, @​artjen)
  • [Artifacts] Add a new Image object for handling the logging and optimized compression of images (#11404, @​jessechancy)
  • [Artifacts] Add time and step-based metadata to the logging of images (#11243, @​jessechancy)
  • [Artifacts] Add the ability to log a dataset to Unity Catalog by means of UCVolumeDatasetSource (#11301, @​chenmoneygithub)
  • [Tracking] Remove the restrictions for logging a table in Delta format to no longer require running within a Databricks environment (#11521, @​chenmoneygithub)
  • [Tracking] Add support for logging mlflow.Image files within tables (#11535, @​jessechancy)
  • [Server-infra] Introduce override configurations for controlling how http retries are handled (#11590, @​BenWilson2)
  • [Deployments] Implement chat & chat streaming for Anthropic within the MLflow deployments server (#11195, @​gabrielfu)

Security fixes:

Bug fixes:

... (truncated)

Changelog

Sourced from mlflow's changelog.

2.12.1 (2024-04-17)

MLflow 2.12.1 includes several major features and improvements

With this release, we're pleased to introduce several major new features that are focused on enhanced GenAI support, Deep Learning workflows involving images, expanded table logging functionality, and general usability enhancements within the UI and external integrations.

Major Features and Improvements:

  • PromptFlow: Introducing the new PromptFlow flavor, designed to enrich the GenAI landscape within MLflow. This feature simplifies the creation and management of dynamic prompts, enhancing user interaction with AI models and streamlining prompt engineering processes. (#11311, #11385 @​brynn-code)

  • Enhanced Metadata Sharing for Unity Catalog: MLflow now supports the ability to share metadata (and not model weights) within Databricks Unity Catalog. When logging a model, this functionality enables the automatic duplication of metadata into a dedicated subdirectory, distinct from the model’s actual storage location, allowing for different sharing permissions and access control limits. (#11357, #11720 @​WeichenXu123)

  • Code Paths Unification and Standardization: We have unified and standardized the code_paths parameter across all MLflow flavors to ensure a cohesive and streamlined user experience. This change promotes consistency and reduces complexity in the model deployment lifecycle. (#11688, @​BenWilson2)

  • ChatOpenAI and AzureChatOpenAI Support: Support for the ChatOpenAI and AzureChatOpenAI interfaces has been integrated into the LangChain flavor, facilitating seamless deployment of conversational AI models. This development opens new doors for building sophisticated and responsive chat applications leveraging cutting-edge language models. (#11644, @​B-Step62)

  • Custom Models in Sentence-Transformers: The sentence-transformers flavor now supports custom models, allowing for a greater flexibility in deploying tailored NLP solutions. (#11635, @​B-Step62)

  • Image Support for Log Table: With the addition of image support in log_table, MLflow enhances its capabilities in handling rich media. This functionality allows for direct logging and visualization of images within the platform, improving the interpretability and analysis of visual data. (#11535, @​jessechancy)

  • Streaming Support for LangChain: The newly introduced predict_stream API for LangChain models supports streaming outputs, enabling real-time output for chain invocation via pyfunc. This feature is pivotal for applications requiring continuous data processing and instant feedback. (#11490, #11580 @​WeichenXu123)

Security Fixes:

  • Security Patch: Addressed a critical Local File Read/Path Traversal vulnerability within the Model Registry, ensuring robust protection against unauthorized access and securing user data integrity. (#11376, @​WeichenXu123)

Features:

  • [Models] Add the PromptFlow flavor (#11311, #11385 @​brynn-code)
  • [Models] Add a new predict_stream API for streamable output for Langchain models and the DatabricksDeploymentClient (#11490, #11580 @​WeichenXu123)
  • [Models] Deprecate and add code_paths alias for code_path in pyfunc to be standardized to other flavor implementations (#11688, @​BenWilson2)
  • [Models] Add support for custom models within the sentence-transformers flavor (#11635, @​B-Step62)
  • [Models] Enable Spark MapType support within model signatures when used with Spark udf inference (#11265, @​WeichenXu123)
  • [Models] Add support for metadata-only sharing within Unity Catalog through the use of a subdirectory (#11357, #11720 @​WeichenXu123)
  • [Models] Add Support for the ChatOpenAI and AzureChatOpenAI LLM interfaces within the LangChain flavor (#11644, @​B-Step62)
  • [Artifacts] Add support for utilizing presigned URLs when uploading and downloading files when using Unity Catalog (#11534, @​artjen)
  • [Artifacts] Add a new Image object for handling the logging and optimized compression of images (#11404, @​jessechancy)
  • [Artifacts] Add time and step-based metadata to the logging of images (#11243, @​jessechancy)
  • [Artifacts] Add the ability to log a dataset to Unity Catalog by means of UCVolumeDatasetSource (#11301, @​chenmoneygithub)
  • [Tracking] Remove the restrictions for logging a table in Delta format to no longer require running within a Databricks environment (#11521, @​chenmoneygithub)
  • [Tracking] Add support for logging mlflow.Image files within tables (#11535, @​jessechancy)
  • [Server-infra] Introduce override configurations for controlling how http retries are handled (#11590, @​BenWilson2)
  • [Deployments] Implement chat & chat streaming for Anthropic within the MLflow deployments server (#11195, @​gabrielfu)

Security fixes:

Bug fixes:

... (truncated)

Commits

Updates werkzeug from 2.1.2 to 3.0.3

Release notes

Sourced from werkzeug's releases.

3.0.3

This is the Werkzeug 3.0.3 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Werkzeug/3.0.3/ Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-3 Milestone: https://github.com/pallets/werkzeug/milestone/35?closed=1

  • Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. GHSA-2g68-c3qc-8985
  • Make reloader more robust when "" is in sys.path. #2823
  • Better TLS cert format with adhoc dev certs. #2891
  • Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. #2828
  • Type annotation for Rule.endpoint and other uses of endpoint is Any. #2836

3.0.2

This is a fix release for the 3.0.x feature branch.

3.0.1

This is a security release for the 3.0.x feature branch.

3.0.0

This is a feature release, which includes new features, removes previously deprecated code, and adds new deprecations. The 3.0.x branch is now the supported fix branch, the 2.3.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades. Test with warnings treated as errors to be able to adapt to deprecation warnings early.

2.3.8

This is a security release for the 2.3.x feature branch.

2.3.7

This is a fix release for the 2.3.x feature branch.

2.3.6

This is a fix release for the 2.3.x feature branch.

2.3.5

This is a fix release for the 2.3.x feature branch.

... (truncated)

Changelog

Sourced from werkzeug's changelog.

Version 3.0.3

Released 2024-05-05

  • Only allow localhost, .localhost, 127.0.0.1, or the specified hostname when running the dev server, to make debugger requests. Additional hosts can be added by using the debugger middleware directly. The debugger UI makes requests using the full URL rather than only the path. :ghsa:2g68-c3qc-8985

  • Make reloader more robust when "" is in sys.path. :pr:2823

  • Better TLS cert format with adhoc dev certs. :pr:2891

  • Inform Python < 3.12 how to handle itms-services URIs correctly, rather than using an overly-broad workaround in Werkzeug that caused some redirect URIs to be passed on without encoding. :issue:2828

  • Type annotation for Rule.endpoint and other uses of endpoint is Any. :issue:2836

  • Make reloader more robust when "" is in sys.path. :pr:2823

Version 3.0.2

Released 2024-04-01

  • Ensure setting merge_slashes to False results in NotFound for repeated-slash requests against single slash routes. :issue:2834
  • Fix handling of TypeError in TypeConversionDict.get() to match ValueError. :issue:2843
  • Fix response_wrapper type check in test client. :issue:2831
  • Make the return type of MultiPartParser.parse more precise. :issue:2840
  • Raise an error if converter arguments cannot be parsed. :issue:2822

Version 3.0.1

Released 2023-10-24

  • Fix slow multipart parsing for large parts potentially enabling DoS attacks.

Version 3.0.0

Released 2023-09-30

  • Remove previously deprecated code. :pr:2768

... (truncated)

Commits

Updates flask from 2.1.2 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

2.2.4

This is a fix release for the 2.2.x release branch.

2.2.3

This is a fix release for the 2.2.x release branch.

2.2.2

This is a fix release for the 2.2.0 feature release.

2.2.1

This is a fix release for the 2.2.0 feature release.

2.2.0

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

2.1.3

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

  • Update for compatibility with Werkzeug 2.3.3.
  • Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

  • Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

  • Autoescape is enabled by default for .svg template files. :issue:4831
  • Fix the type of template_folder to accept pathlib.Path. :issue:4892
  • Add --debug option to the flask run command. :issue:4777

Version 2.2.2

Released 2022-08-08

  • Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754
  • Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

Version 2.2.1

Released 2022-08-03

  • Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

Version 2.2.0

... (truncated)

Commits

Updates flask-cors from 3.0.10 to 4.0.1

Release notes

Sourced from flask-cors's releases.

4.0.1

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@4.0.0...4.0.1

Release 4.0.0

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@3.1.01...v4.0.0

3.1.01

What's Changed

New Contributors

Full Changelog: corydolphin/flask-cors@3.0.10...3.1.01

Changelog

Sourced from

@dependabot
Bump the pip group across 2 directories with 4 updates
e7d736f 
Bumps the pip group with 4 updates in the / directory: [flask](https://github.com/pallets/flask), [flask-cors](https://github.com/corydolphin/flask-cors), [mlflow](https://github.com/mlflow/mlflow) and [werkzeug](https://github.com/pallets/werkzeug).
Bumps the pip group with 4 updates in the /aioradio directory: [flask](https://github.com/pallets/flask), [flask-cors](https://github.com/corydolphin/flask-cors), [mlflow](https://github.com/mlflow/mlflow) and [werkzeug](https://github.com/pallets/werkzeug).


Updates `flask` from 2.1.2 to 2.2.5
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@2.1.2...2.2.5)

Updates `flask-cors` from 3.0.10 to 4.0.1
- [Release notes](https://github.com/corydolphin/flask-cors/releases)
- [Changelog](https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md)
- [Commits](corydolphin/flask-cors@3.0.10...4.0.1)

Updates `mlflow` from 2.10.2 to 2.12.1
- [Release notes](https://github.com/mlflow/mlflow/releases)
- [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md)
- [Commits](mlflow/mlflow@v2.10.2...v2.12.1)

Updates `werkzeug` from 2.1.2 to 3.0.3
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@2.1.2...3.0.3)

Updates `flask` from 2.1.2 to 2.2.5
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@2.1.2...2.2.5)

Updates `flask-cors` from 3.0.10 to 4.0.1
- [Release notes](https://github.com/corydolphin/flask-cors/releases)
- [Changelog](https://github.com/corydolphin/flask-cors/blob/main/CHANGELOG.md)
- [Commits](corydolphin/flask-cors@3.0.10...4.0.1)

Updates `mlflow` from 2.10.2 to 2.12.1
- [Release notes](https://github.com/mlflow/mlflow/releases)
- [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md)
- [Commits](mlflow/mlflow@v2.10.2...v2.12.1)

Updates `werkzeug` from 2.1.2 to 3.0.3
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@2.1.2...3.0.3)

---
updated-dependencies:
- dependency-name: flask
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask-cors
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: mlflow
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: flask-cors
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: mlflow
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label Jun 4, 2024
@nrccua-timr nrccua-timr closed this Oct 7, 2024
@dependabot Dependabot
Copy link
Author

dependabot bot commented on behalf of github Oct 7, 2024

This pull request was built based on a group rule. Closing it will not ignore any of these versions in future pull requests.

To ignore these dependencies, configure ignore rules in dependabot.yml

@dependabot dependabot bot deleted the dependabot/pip/pip-2909bd18d4 branch October 7, 2024 14:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
dependencies Pull requests that update a dependency file
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@nrccua-timr