Bump the pip group across 1 directory with 5 updates

[dependabot]

Bumps the pip group with 5 updates in the / directory:

Package	From	To
numpy	1.21.2	1.22.0
scikit-learn	0.24.2	1.5.0
dash	2.14.0	2.15.0
flask	2.2.3	2.2.5
pymongo	4.3.3	4.6.3

Updates numpy from 1.21.2 to 1.22.0

Release notes

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

• Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
• A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
• NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
• New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
• A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits

• 4adc87d Merge pull request #20685 from charris/prepare-for-1.22.0-release
• fd66547 REL: Prepare for the NumPy 1.22.0 release.
• 125304b wip
• c283859 Merge pull request #20682 from charris/backport-20416
• 5399c03 Merge pull request #20681 from charris/backport-20954
• f9c45f8 Merge pull request #20680 from charris/backport-20663
• 794b36f Update armccompiler.py
• d93b14e Update test_public_api.py
• 7662c07 Update init.py
• 311ab52 Update armccompiler.py
• Additional commits viewable in compare view

Updates scikit-learn from 0.24.2 to 1.5.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.5.0

We're happy to announce the 1.5.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.5.html

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Scikit-learn 1.4.2

We're happy to announce the 1.4.2 release.

This release only includes support for numpy 2.

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

Scikit-learn 1.4.1.post1

We're happy to announce the 1.4.1.post1 release.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

... (truncated)

Commits

• b51d0c9 trigger whell builder [cd build]
• 919ae9b MAINT Reoder what's new for 1.5 (#29039)
• 0ac28ad DOC Release highlights 1.5 (#29007)
• 729b54d test py3.12 against numpy 2 [cd build]
• 1e50434 set version
• ffbe4ab DOC remove obsolete SVM example (#27108)
• 4647729 DOC Fix time complexity of MLP (#28592)
• 9bd7047 FIX convergence criterion of MeanShift (#28951)
• b79420f FIX add long long for int32/int64 windows compat in NumPy 2.0 (#29029)
• 37f544d DOC replace pandas with Polars in examples/gaussian_process/plot_gpr_co2.py (...
• Additional commits viewable in compare view

Updates dash from 2.14.0 to 2.15.0

Release notes

Sourced from dash's releases.

Dash v2.15.0

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

Dash v2.14.2

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

Dash v2.14.1

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

Changelog

Sourced from dash's changelog.

[2.15.0] - 2024-01-31

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

[2.14.2] - 2023-11-27

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

[2.14.1] - 2023-10-26

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

Commits

• 115aa4e Merge pull request #2739 from plotly/master-2.15.0
• 9243f93 build
• 83c5422 Version 2.15.0 build artifacts
• 78d07c4 Merge branch 'dev' into master-2.15.0
• 6a8da52 Merge pull request #2737 from plotly/version-2.15.0
• 7cb6f07 build
• da4261e Fix changelog.
• 27751a8 Version 2.15.0
• 49ac14f Merge pull request #2723 from plotly/slider-tips
• 06fb03a docstring typos
• Additional commits viewable in compare view

Updates flask from 2.2.3 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

• Security advisory: GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5
• Milestone: https://github.com/pallets/flask/milestone/30?closed=1

2.2.4

This is a fix release for the 2.2.x release branch.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4
• Milestone: https://github.com/pallets/flask/milestone/27?closed=1

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

• Update for compatibility with Werkzeug 2.3.3.
• Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

• Update for compatibility with Werkzeug 2.3.

Commits

• 47af817 release version 2.2.5
• afd63b1 Merge pull request #5109 from pallets/backport-vary-cookie
• 8646edc set Vary: Cookie header consistently for session
• a6367da Merge pull request #5108 from pallets/werkzeug-compat
• 3fbfbad werkzeug 2.3.3 compatibility
• 726d3f4 start version 2.2.5
• ddc7acc Merge pull request #5081 from pallets/release-2.2.4
• 74e0329 release version 2.2.4
• 2d46068 update dev env
• 64bc458 update dev dependencies
• Additional commits viewable in compare view

Updates pymongo from 4.3.3 to 4.6.3

Release notes

Sourced from pymongo's releases.

PyMongo 4.6.3

Community notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-3-release-for-cve-2024-5629/284348

PyMongo 4.6.2

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-2-released/267404

PyMongo 4.6.1

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-1-released/255752

PyMongo 4.6.0

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-6-0-released/251866

PyMongo 4.5.0

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-5-0-released/240662

PyMongo 4.4.1

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-4-1-released/235045

PyMongo 4.4.0

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-4-released/232211

PyMongo 4.4.0b0

Release notes: https://www.mongodb.com/community/forums/t/pymongo-4-4-0b0-release/210471

Changelog

Sourced from pymongo's changelog.

Changes in Version 4.6.3 (2024/03/27)

PyMongo 4.6.3 fixes the following bug:

• Fixed a potential memory access violation when decoding invalid bson.

Issues Resolved ...............

See the PyMongo 4.6.3 release notes in JIRA_ for the list of resolved issues in this release.

.. _PyMongo 4.6.3 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=38360

Changes in Version 4.6.2 (2024/02/21)

PyMongo 4.6.2 fixes the following bug:

• Fixed a bug appearing in Python 3.12 where "RuntimeError: can't create new thread at interpreter shutdown" could be written to stderr when a MongoClient's thread starts as the python interpreter is shutting down.

Issues Resolved ...............

See the PyMongo 4.6.2 release notes in JIRA_ for the list of resolved issues in this release.

.. _PyMongo 4.6.2 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37906

Changes in Version 4.6.1 (2023/11/29)

PyMongo 4.6.1 fixes the following bug:

• Ensure retryable read OperationFailure errors re-raise exception when 0 or NoneType error code is provided.

Issues Resolved ...............

See the PyMongo 4.6.1 release notes in JIRA_ for the list of resolved issues in this release.

.. _PyMongo 4.6.1 release notes in JIRA: https://jira.mongodb.org/secure/ReleaseNote.jspa?projectId=10004&version=37138

Changes in Version 4.6.0 (2023/11/01)

PyMongo 4.6 brings a number of improvements including:

... (truncated)

Commits

• 8da192f BUMP 4.6.3
• 56b6b6d PYTHON-4305 Fix bson size check (#1564)
• 449d0f3 BUMP to 4.6.3.dev0
• e04576d DEVPROD-3871 Use teardown_task when there is one function/command (#1533)
• cf1c6a1 PYTHON-4219 Prep for 4.6.2 Release (#1530)
• d29b2b7 PYTHON-4147 [v4.6]: Silence noisy thread.start() RuntimeError at shutdown (#1...
• 0477b9b PYTHON-4077 [v4.6]: Ensure there is a MacOS wheel for Python 3.7 (#1527)
• ecad17d BUMP 4.6.2.dev0
• 485e0a5 BUMP 4.6.1
• 995365c PYTHON-4038 [v4.6]: Ensure retryable read OperationFailures re-raise except...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Summary by Sourcery

Update dependencies for numpy, scikit-learn, dash, flask, and pymongo.

Enhancements:

• Upgrade numpy to 1.22.0.
• Upgrade scikit-learn to 1.5.0.
• Upgrade dash to 2.15.0.
• Upgrade Flask to 2.2.5.
• Upgrade pymongo to 4.6.3.

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request updates several Python packages in the requirements.txt file. NumPy is updated to 1.22.0, scikit-learn to 1.5.0, Dash to 2.15.0, Flask to 2.2.5, and PyMongo to 4.6.3.

State diagram showing key changes in NumPy 1.22.0

stateDiagram-v2
    [*] --> NumPy_1.22.0
    NumPy_1.22.0 --> Array_API: Preliminary version
    NumPy_1.22.0 --> DLPack_Backend: New feature
    NumPy_1.22.0 --> Annotations: Main namespace complete
    NumPy_1.22.0 --> Quantile_Methods: New methods
    NumPy_1.22.0 --> Configurable_Allocator: New feature

    state NumPy_1.22.0 {
        Python3.8_to_3.10 --> Dropped_Python3.7
        32bit --> 64bit: Windows wheels
    }

Loading

State diagram showing security updates in Flask and PyMongo

stateDiagram-v2
    [*] --> Security_Updates

    state Security_Updates {
        Flask --> Flask_2.2.5: CVE-2023-30861
        Flask_2.2.5 --> Vary_Cookie: Added header

        PyMongo --> PyMongo_4.6.3: CVE-2024-5629
        PyMongo_4.6.3 --> BSON_Fix: Fixed memory access violation
    }

Loading

File-Level Changes

Change	Details	Files
Updated NumPy from 1.21.2 to 1.22.0	Complete annotations of the main namespace Preliminary version of the proposed Array-API DLPack backend for common array data interchange New methods for quantile, percentile, and related functions Configurable allocator for downstream projects	requirements.txt
Updated scikit-learn from 0.24.2 to 1.5.0	Support for NumPy 2.0 Various bug fixes and improvements Updated documentation and examples	requirements.txt
Updated Dash from 2.14.0 to 2.15.0	Added triggered_id to dash_clientside.callback_context Improved dcc Slider/RangeSlider tooltips Added _dash_error key to setProps for component developers Sanitized HTML props vulnerable to XSS attacks Updated dcc.Clipboard to support html_content	requirements.txt
Updated Flask from 2.2.3 to 2.2.5	Security fix release Compatibility with Werkzeug 2.3.3 Set Vary: Cookie header for session access	requirements.txt
Updated PyMongo from 4.3.3 to 4.6.3	Bug fixes and performance improvements Potential memory access violation fix when decoding invalid bson	requirements.txt

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time. You can also use
  this command to specify where the summary should be inserted.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

We have skipped reviewing this pull request. Here's why:

• It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!
• We don't review packaging changes - Let us know if you'd like us to change this.