Bump the pip group across 1 directory with 27 updates

[dependabot]

Bumps the pip group with 27 updates in the / directory:

Package	From	To
astropy	5.1	5.3.3
black	22.6.0	24.3.0
certifi	2022.12.7	2023.7.22
cookiecutter	1.7.3	2.1.1
cryptography	39.0.1	42.0.4
flask	2.2.2	2.2.5
gunicorn	21.2.0	22.0.0
idna	3.4	3.7
imagecodecs	2021.8.26	2023.9.18
jinja2	3.1.2	3.1.4
joblib	1.1.1	1.2.0
jupyter-server	1.23.4	2.11.2
jupyterlab	3.5.3	3.6.7
mpmath	1.2.1	1.3.0
pillow	9.4.0	10.3.0
pip	22.3.1	23.3
pyarrow	11.0.0	14.0.1
requests	2.28.1	2.32.2
scikit-learn	1.2.1	1.5.0
scrapy	2.8.0	2.11.2
torch	1.12.1	1.13.1
tornado	6.1	6.4.1
tqdm	4.64.1	4.66.3
transformers	4.24.0	4.38.0
twisted	22.2.0	23.10.0
urllib3	1.26.14	1.26.19
werkzeug	2.2.2	3.0.3

Updates astropy from 5.1 to 5.3.3

Release notes

Sourced from astropy's releases.

v5.3.3 Release Notes

See https://docs.astropy.org/en/v5.3.3/changelog.html

v5.3.2 Release Notes

See https://docs.astropy.org/en/v5.3.2/changelog.html

v5.3.1

See CHANGES.rst for the full changelog

v5.3

See CHANGES.rst for the full changelog

v5.2.2

See CHANGES.rst for the full changelog.

v5.2.1

See CHANGES.rst for the full changelog.

v5.2

See CHANGES.rst for the full changelog

v5.1.1

See CHANGES.rst for the full changelog

Commits

• 6258f07 Merge pull request #15286 from astrofrog/v5.3.3-changelog
• 8de0b5b Finalizing changelog for v5.3.3
• 7dcc0cd Merge pull request #15263 from astropy/update-iers-v5.3.x-1693526610
• a20ace4 Update IERS Earth rotation and leap second tables
• 7a4c713 Merge pull request #15234 from pllim/pin-numpy-lt-2
• 710cbc0 Merge pull request #15249 from meeseeksmachine/auto-backport-of-pr-15155-on-v...
• 8590f0c Backport PR #15155: Documentation fix for issue #15132 PrimaryHDU.fromstring(...
• a45198f Merge pull request #15246 from meeseeksmachine/auto-backport-of-pr-15244-on-v...
• 43c9e01 Backport PR #15244: RTD: No more system_packages
• 9580b23 TST: Update modeling test logic
• Additional commits viewable in compare view

Updates black from 22.6.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

• Don't move comments along with delimiters, which could cause crashes (#4248)
• Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
• Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

• Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

• Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

• Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

• Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
• Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
• Checking for newline before adding one on docstring that is almost at the line limit (#4185)
• Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

• 552baf8 Prepare release 24.3.0 (#4279)
• f000936 Fix catastrophic performance in lines_with_leading_tabs_expanded() (#4278)
• 7b5a657 Fix --line-ranges behavior when ranges are at EOF (#4273)
• 1abcffc Use regex where we ignore case on windows (#4252)
• 719e674 Fix 4227: Improve documentation for --quiet --check (#4236)
• e5510af update plugin url for Thonny (#4259)
• 6af7d11 Fix AST safety check false negative (#4270)
• f03ee11 Ensure blib2to3.pygram is initialized before use (#4224)
• e4bfedb fix: Don't move comments while splitting delimiters (#4248)
• d0287e1 Make trailing comma logic more concise (#4202)
• Additional commits viewable in compare view

Updates certifi from 2022.12.7 to 2023.7.22

Commits

• 8fb96ed 2023.07.22
• afe7722 Bump actions/setup-python from 4.6.1 to 4.7.0 (#230)
• 2038739 Bump dessant/lock-threads from 3.0.0 to 4.0.1 (#229)
• 44df761 Hash pin Actions and enable dependabot (#228)
• 8b3d7ba 2023.05.07
• 53da240 ci: Add Python 3.12-dev to the testing (#224)
• c2fc3b1 Create a Security Policy (#222)
• c211ef4 Set up permissions to github workflows (#218)
• 2087de5 Don't let deprecation warning fail CI (#219)
• e0b9fc5 remove paragraphs about 1024-bit roots from README
• Additional commits viewable in compare view

Updates cookiecutter from 1.7.3 to 2.1.1

Release notes

Sourced from cookiecutter's releases.

2.1.1

Documentation updates

• Fix local extensions documentation (#1686) @​alkatar21

Bugfixes

• Sanitize Mercurial branch information before checkout. (#1689) @​ericof

This release is made by wonderful contributors:

@​alkatar21, @​ericof and @​jensens

2.1.0

Preamble

This release log lists all changes from 1.7.3 to this release. It includes the log of the 2.0.x releases, which were never published on PyPI. Because of that it might look a bit blurry.

We release the current stable state of the project, knowing there are a bunch of open pull requests. Those will be reviewed by the core-committers and merged or dropped.

Future releases will happen more frequently. Stay tuned.

Fetch fresh from PyPI https://pypi.org/project/cookiecutter/2.1.0/

Changes

• Move contributors and backers to credits section (#1599) @​doobrie
• test_generate_file_verbose_template_syntax_error fixed (#1671) @​MaciejPatro
• Removed changes related to setuptools_scm (#1629) @​ozer550
• Release 2.0.1 (#1620) @​audreyfeldroy

Breaking Changes

• Release preparation for 2.0.1rc1 (#1608) @​audreyfeldroy
• Replace poyo with pyyaml. (#1489) @​dHannasch
• Added: Path templates will be rendered when copy_without_render used (#839) @​noirbizarre
• Added: End of line detection and configuration. (#1407) @​insspb
• Remove support for python2.7 (#1386) @​ssbarnea

Minor Changes

• Documentation overhaul (#1677) @​jensens
• Feature/local extensions (#1240) @​mwesterhof
• Adopt setuptools-scm packaging (#1577) @​ssbarnea
• Log the error message when git clone fails, not just the return code (#1505) @​logworthy
• allow jinja 3.0.0 (#1548) @​wouterdb
• Added uuid extension to be able to generate uuids (#1493) @​jonaswre

... (truncated)

Changelog

Sourced from cookiecutter's changelog.

2.1.1 (2022-06-01)

Documentation updates

• Fix local extensions documentation (#1686) @​alkatar21

Bugfixes

• Sanitize Mercurial branch information before checkout. (#1689) @​ericof

This release is made by wonderfull contributors:

@​alkatar21, @​ericof and @​jensens

2.1.0 (2022-05-30)

Changes

• Move contributors and backers to credits section (#1599) @​doobrie
• test_generate_file_verbose_template_syntax_error fixed (#1671) @​MaciejPatro
• Removed changes related to setuptools_scm (#1629) @​ozer550
• Feature/local extensions (#1240) @​mwesterhof

CI/CD and QA changes

• Check manifest: pre-commit, fixes, cleaning (#1683) @​jensens
• Follow PyPA guide to release package using GitHub Actions. (#1682) @​ericof

Documentation updates

• Fix typo in dict_variables.rst (#1680) @​ericof
• Documentation overhaul (#1677) @​jensens
• Fixed incorrect link on docs. (#1649) @​luzfcb

Bugfixes

• Restore accidentally deleted support for click 8.x (#1643) @​jaklan

This release was made possible by our wonderful contributors:

@​doobrie, @​jensens, @​ericof, @​luzfcb

2.0.2 (2021-12-27)

Remark: This release never made it to official PyPI

• Fix Python version number in cookiecutter --version and test on Python 3.10 (#1621) @​ozer550
• Removed changes related to setuptools_scm (#1629) @​audreyfeldroy @​ozer550

... (truncated)

Commits

• f9376a9 Prepare release 2.1.1
• fdffddb Merge pull request #1689 from cookiecutter/sanitize-mercurial-checkout
• 85a7884 Lint fixes
• e26c465 Sanitize Mercurial branch information before checkout.
• 94036d0 Merge pull request #1687 from cookiecutter/bump-version-back-to-dev
• 70b2ee2 Merge pull request #1686 from alkatar21/patch-1
• 8b33e96 Bump version to 2.1.1.dev0
• 58d716f [Docs] Fix local extensions documentation
• f601b71 Merge pull request #1684 from cookiecutter/bump-release-2.1.0
• 96c6826 bump version and edit historie
• Additional commits viewable in compare view

Updates cryptography from 39.0.1 to 42.0.4

Changelog

Sourced from cryptography's changelog.

42.0.4 - 2024-02-20

* Fixed a null-pointer-dereference and segfault that could occur when creating
  a PKCS#12 bundle. Credit to **Alexander-Programming** for reporting the
  issue. **CVE-2024-26130**
* Fixed ASN.1 encoding for PKCS7/SMIME signed messages. The fields ``SMIMECapabilities``
  and ``SignatureAlgorithmIdentifier`` should now be correctly encoded according to the
  definitions in :rfc:`2633` :rfc:`3370`.
.. _v42-0-3:
42.0.3 - 2024-02-15

• Fixed an initialization issue that caused key loading failures for some users.

.. _v42-0-2:

42.0.2 - 2024-01-30

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.2.1.
* Fixed an issue that prevented the use of Python buffer protocol objects in
  ``sign`` and ``verify`` methods on asymmetric keys.
* Fixed an issue with incorrect keyword-argument naming with ``EllipticCurvePrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.exchange`,
  ``X25519PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x25519.X25519PrivateKey.exchange`,
  ``X448PrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.x448.X448PrivateKey.exchange`,
  and ``DHPrivateKey``
  :meth:`~cryptography.hazmat.primitives.asymmetric.dh.DHPrivateKey.exchange`.
.. _v42-0-1:
42.0.1 - 2024-01-24

• Fixed an issue with incorrect keyword-argument naming with EllipticCurvePrivateKey :meth:~cryptography.hazmat.primitives.asymmetric.ec.EllipticCurvePrivateKey.sign.
• Resolved compatibility issue with loading certain RSA public keys in :func:~cryptography.hazmat.primitives.serialization.load_pem_public_key.

.. _v42-0-0:

42.0.0 - 2024-01-22

</tr></table> 

... (truncated)

Commits

• fe18470 Bump for 42.0.4 release (#10445)
• aaa2dd0 Fix ASN.1 issues in PKCS#7 and S/MIME signing (#10373) (#10442)
• 7a4d012 Fixes #10422 -- don't crash when a PKCS#12 key and cert don't match (#10423) ...
• df314bb backport actions m1 switch to 42.0.x (#10415)
• c49a7a5 changelog and version bump for 42.0.3 (#10396)
• 396bcf6 fix provider loading take two (#10390) (#10395)
• 0e0e46f backport: initialize openssl's legacy provider in rust (#10323) (#10333)
• 2202123 changelog and version bump 42.0.2 (#10268)
• f7032bd bump openssl in CI (#10298) (#10299)
• 002e886 Fixes #10294 -- correct accidental change to exchange kwarg (#10295) (#10296)
• Additional commits viewable in compare view

Updates flask from 2.2.2 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

• Security advisory: GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5
• Milestone: https://github.com/pallets/flask/milestone/30?closed=1

2.2.4

This is a fix release for the 2.2.x release branch.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4
• Milestone: https://github.com/pallets/flask/milestone/27?closed=1

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/flask/milestone/26?closed=1

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

• Update for compatibility with Werkzeug 2.3.3.
• Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

• Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

• Autoescape is enabled by default for .svg template files. :issue:4831
• Fix the type of template_folder to accept pathlib.Path. :issue:4892
• Add --debug option to the flask run command. :issue:4777

Commits

• 47af817 release version 2.2.5
• afd63b1 Merge pull request #5109 from pallets/backport-vary-cookie
• 8646edc set Vary: Cookie header consistently for session
• a6367da Merge pull request #5108 from pallets/werkzeug-compat
• 3fbfbad werkzeug 2.3.3 compatibility
• 726d3f4 start version 2.2.5
• ddc7acc Merge pull request #5081 from pallets/release-2.2.4
• 74e0329 release version 2.2.4
• 2d46068 update dev env
• 64bc458 update dev dependencies
• Additional commits viewable in compare view

Updates gunicorn from 21.2.0 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12

** Breaking changes **

minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

fix CVE-2024-1135

1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
2. Packages: https://pypi.org/project/gunicorn/

Commits

• f63d59e bump to 22.0
• 4ac81e0 Merge pull request #3175 from e-kwsm/typo
• 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
• 0243ec3 fix(deps): exclude eventlet 0.36.0
• 628a0bc chore: fix typos
• 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
• deae2fc CI: back off the agressive timeout
• f470382 docs: promise 3.12 compat
• 5e30bfa add changelog to project.urls (updated for PEP621)
• 481c3f9 remove setup.cfg - overridden by pyproject.toml
• Additional commits viewable in compare view

Updates idna from 3.4 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

• Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

• Update to Unicode 15.1.0
• String codec name is now "idna2008" as overriding the system codec "idna" was not working.
• Fix typing error for codec encoding
• "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
• Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
• Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates imagecodecs from 2021.8.26 to 2023.9.18

Release notes

Sourced from imagecodecs's releases.

v2023.9.18

Image transformation, compression, and decompression codecs

Imagecodecs is a Python library that provides block-oriented, in-memory buffer transformation, compression, and decompression functions for use in Tifffile, Czifile, Zarr, kerchunk, and other scientific image input/output packages.

Decode and/or encode functions are implemented for Zlib (DEFLATE), GZIP, ZStandard (ZSTD), Blosc, Brotli, Snappy, LZMA, BZ2, LZ4, LZ4F, LZ4HC, LZ4H5, LZW, LZF, LZFSE, LZHAM, PGLZ (PostgreSQL LZ), RCOMP (Rice), ZFP, AEC, SZIP, LERC, EER, NPY, BCn, DDS, PNG, APNG, GIF, TIFF, WebP, QOI, JPEG 8 and 12-bit, Lossless JPEG (LJPEG, LJ92, JPEGLL), JPEG 2000 (JP2, J2K), JPEG LS, JPEG XL, JPEG XR (WDP, HD Photo), MOZJPEG, AVIF, HEIF, RGBE (HDR), Jetraw, PackBits, Packed Integers, Delta, XOR Delta, Floating Point Predictor, Bitorder reversal, Byteshuffle, Bitshuffle, Quantize (Scale, BitGroom, BitRound, GranularBR), Float24 (24-bit floating point), and CMS (color space transformations). Checksum functions are implemented for crc32, adler32, fletcher32, and Jenkins lookup3.

v2023.9.4

Imagecodecs is a Python library that provides block-oriented, in-memory buffer transformation, compression, and decompression functions for use in Tifffile, Czifile, Zarr, kerchunk, and other scientific image input/output packages.

Decode and/or encode functions are implemented for Zlib (DEFLATE), GZIP, ZStandard (ZSTD), Blosc, Brotli, Snappy, LZMA, BZ2, LZ4, LZ4F, LZ4HC, LZ4H5, LZW, LZF, LZFSE, LZHAM, PGLZ (PostgreSQL LZ), RCOMP (Rice), ZFP, AEC, SZIP, LERC, EER, NPY, BCn, DDS, PNG, APNG, GIF, TIFF, WebP, QOI, JPEG 8 and 12-bit, Lossless JPEG (LJPEG, LJ92, JPEGLL), JPEG 2000 (JP2, J2K), JPEG LS, JPEG XL, JPEG XR (WDP, HD Photo), MOZJPEG, AVIF, HEIF, RGBE (HDR), Jetraw, PackBits, Packed Integers, Delta, XOR Delta, Floating Point Predictor, Bitorder reversal, Byteshuffle, Bitshuffle, Quantize (Scale, BitGroom, BitRound, GranularBR), Float24 (24-bit floating point), and CMS (color space transformations). Checksum functions are implemented for crc32, adler32, fletcher32, and Jenkins lookup3.

v2023.8.12

Imagecodecs is a Python library that provides block-oriented, in-memory buffer transformation, compression, and decompression functions for use in Tifffile, Czifile, Zarr, kerchunk, and other scientific image input/output packages.

Decode and/or encode functions are implemented for Zlib (DEFLATE), GZIP, ZStandard (ZSTD), Blosc, Brotli, Snappy, LZMA, BZ2, LZ4, LZ4F, LZ4HC, LZW, LZF, LZFSE, LZHAM, PGLZ (PostgreSQL LZ), RCOMP (Rice), ZFP, AEC, SZIP, LERC, EER, NPY, BCn, DDS, PNG, APNG, GIF, TIFF, WebP, QOI, JPEG 8-bit, JPEG 12-bit, Lossless JPEG (LJPEG, LJ92, JPEGLL), JPEG 2000 (JP2, J2K), JPEG LS, JPEG XL, JPEG XR (WDP, HD Photo), MOZJPEG, AVIF, HEIF, RGBE (HDR), Jetraw, PackBits, Packed Integers, Delta, XOR Delta, Floating Point Predictor, Bitorder reversal, Byteshuffle, Bitshuffle, CMS (color space transformations), and Float24 (24-bit floating point). Checksum functions are implemented for crc32, adler32, fletcher32, and Jenkins lookup3.

v2023.7.10

Imagecodecs is a Python library that provides block-oriented, in-memory buffer transformation, compression, and decompression functions for use in Tifffile, Czifile, Zarr, kerchunk, and other scientific image input/output packages.

Decode and/or encode functions are implemented for Zlib (DEFLATE), GZIP, ZStandard (ZSTD), Blosc, Brotli, Snappy, LZMA, BZ2, LZ4, LZ4F, LZ4HC, LZW, LZF, LZFSE, LZHAM, PGLZ (PostgreSQL LZ), RCOMP (Rice), ZFP, AEC, SZIP, LERC, NPY, BCn, DDS, PNG, APNG, GIF, TIFF, WebP, QOI, JPEG 8-bit, JPEG 12-bit, Lossless JPEG (LJPEG, LJ92, JPEGLL), JPEG 2000 (JP2, J2K), JPEG LS, JPEG XL, JPEG XR (WDP, HD Photo), MOZJPEG, AVIF, HEIF, RGBE (HDR), Jetraw, PackBits, Packed Integers, Delta, XOR Delta, Floating Point Predictor, Bitorder reversal, Byteshuffle, Bitshuffle, CMS (color space transformations), and Float24 (24-bit floating point).

v2023.7.4

Imagecodecs is a Python library that provides block-oriented, in-memory buffer transformation, compression, and decompression functions for use in Tifffile, Czifile, Zarr, kerchunk, and other scientific image input/output packages.

Decode and/or encode functions are implemented for Zlib (DEFLATE), GZIP, ZStandard (ZSTD), Blosc, Brotli, Snappy, LZMA, BZ2, LZ4, LZ4F, LZ4HC, LZW, LZF, LZFSE, LZHAM, PGLZ (PostgreSQL LZ), RCOMP (Rice), ZFP, AEC, SZIP, LERC, NPY, BCn, DDS, PNG, APNG, GIF, TIFF, WebP, QOI, JPEG 8-bit, JPEG 12-bit, Lossless JPEG (LJPEG, LJ92, JPEGLL), JPEG 2000 (JP2, J2K), JPEG LS, JPEG XL, JPEG XR (WDP, HD Photo), MOZJPEG, AVIF, HEIF, RGBE (HDR), Jetraw, PackBits, Packed Integers, Delta, XOR Delta, Floating Point Predictor, Bitorder reversal, Byteshuffle, Bitshuffle, CMS (color space transformations), and Float24 (24-bit floating point).

v2023.3.16

Imagecodecs is a Python library that provides block-oriented, in-memory buffer transformation, compression, and decompression functions for use in Tifffile, Czifile, Zarr, kerchunk, and other scientific image input/output packages.

Decode and/or encode functions are implemented for Zlib (DEFLATE), GZIP, ZStandard (ZSTD), Blosc, Brotli, Snappy, LZMA, BZ2, LZ4, LZ4F, LZ4HC, LZW, LZF, LZFSE, LZHAM, PGLZ (PostgreSQL LZ), RCOMP (Rice), ZFP, AEC, SZIP, LERC, NPY, PNG, APNG, GIF, TIFF, WebP, QOI, JPEG 8-bit, JPEG 12-bit, Lossless JPEG (LJPEG, LJ92, JPEGLL), JPEG 2000 (JP2, J2K), JPEG LS, JPEG XL, JPEG XR (WDP, HD Photo), MOZJPEG, AVIF, HEIF, RGBE (HDR), Jetraw, PackBits, Packed Integers, Delta, XOR Delta, Floating Point Predictor, Bitorder reversal, Byteshuffle, Bitshuffle, CMS (color space transformations), and Float24 (24-bit floating point).

v2023.1.23

Imagecodecs is a Python library that provides block-oriented, in-memory buffer transformation, compression, and decompression functions for use in Tifffile, Czifile, Zarr, kerchunk, and other scientific image input/output packages.

Decode and/or encode functions are implemented for Zlib (DEFLATE), GZIP, ZStandard (ZSTD), Blosc, Brotli, Snappy, LZMA, BZ2, LZ4, LZ4F, LZ4HC, LZW, LZF, LZFSE, LZHAM, PGLZ (PostgreSQL LZ), RCOMP (Rice), ZFP, AEC, LERC, NPY, PNG, APNG, GIF, TIFF, WebP, QOI, JPEG 8-bit, JPEG 12-bit, Lossless JPEG (LJPEG, LJ92, JPEGLL, SOF3), JPEG 2000 (JP2, J2K), JPEG LS, JPEG XL, JPEG XR (WDP, HD Photo), MOZJPEG, AVIF, HEIF, RGBE (HDR), Jetraw, PackBits, Packed Integers, Delta, XOR Delta, Floating Point Predictor, Bitorder reversal, Byteshuffle, Bitshuffle, CMS (color space transformations), and Float24 (24-bit floating point).

v2022.12.24

Imagecodecs is a Python library that provides block-oriented, in-memory buffer transformation, compression, and decompression functions for use in Tifffile, Czifile, Zarr, and other scientific image input/output packages.

Decode and/or encode functions are implemented for Zlib (DEFLATE), GZIP, ZStandard (ZSTD), Blosc, Brotli, Snappy, LZMA, BZ2, LZ4, LZ4F, LZ4HC, LZW, LZF, LZFSE, LZHAM, PGLZ (PostgreSQL LZ), RCOMP (Rice), ZFP, AEC, LERC, NPY, PNG, APNG, GIF, TIFF, WebP, QOI, JPEG 8-bit, JPEG 12-bit, Lossless JPEG (LJPEG, JPEGLL, SOF3), JPEG 2000 (JP2, J2K), JPEG LS, JPEG XR (WDP, HD Photo), JPEG XL, MOZJPEG, AVIF, HEIF, RGBE (HDR), Jetraw, PackBits, Packed Integers, Delta, XOR Delta, Floating Point Predictor, Bitorder reversal, Byteshuffle, Bitshuffle, CMS (color space transformations), and Float24 (24-bit floating point).

v2022.12.22

Imagecodecs is a Python library that provides block-oriented, in-memory buffer transformation, compression, and decompression functions for use in Tifffile, Czifile, Zarr, and other scientific image input/output packages.

Decode and/or encode functions are implemented for Zlib (DEFLATE), GZIP, ZStandard (ZSTD), Blosc, Brotli, Snappy, LZMA, BZ2, LZ4, LZ4F, LZ4HC, LZW, LZF, LZFSE, LZHAM, PGLZ (PostgreSQL LZ), RCOMP (Rice), ZFP, AEC, LERC, NPY, PNG, APNG, GIF, TIFF, WebP, QOI, JPEG 8-bit, JPEG 12-bit, Lossless JPEG (LJPEG, JPEGLL, SOF3), JPEG 2000 (JP2, J2K), JPEG LS, JPEG XR (WDP, HD Photo), JPEG XL, MOZJPEG, AVIF, HEIF, RGBE (HDR), Jetraw, PackBits, Packed Integers, Delta, XOR Delta, Floating Point Predictor, Bitorder reversal, Byteshuffle, Bitshuffle, CMS (color space transformations), and Float24 (24-bit floating point).

v2022.9.26

Imagecodecs is a Python library that provides block-oriented, in-memory buffer transformation, compression, and decompression functions for use in Tifffile, Czifile, Zarr, and other scientific image input/output packages.

... (truncated)

Changelog

Sourced from imagecodecs's changelog.

2023.9.18

• Rebuild with updated dependencies fixes CVE-2024-4863.

2023.9.4

• Map avif_encode level parameter to quality (breaking).
• Support monochrome images in avif_encode.
• Add numthreads parameter to avif_decode (fix imread of AVIF).
• Add quantize filter (BitGroom, BitRound, GBR) via nc4var.c.
• Add LZ4H5 codec.
• Support more BCn compressed DDS fourcc types.
• Require libavif 1.0.

2023.8.12

• Add EER (Electron Event Representation) decoder.
• Add option to pass initial value to crc32 and adler32 checksum functions.
• Add fletcher32 and lookup3 checksum functions via HDF5's h5checksum.c.
• Add Checksum codec for numcodecs.

2023.7.10

• Rebuild with optimized compile flags.

2023.7.4

• Add BCn and DDS decoder via bcdec library.
• Add functions to transcode JPEG XL to/from JPEG (#78).
• Add option to decode select frames from animated WebP.
• Use legacy JPEG8 codec when building without libjpeg-turbo 3 (#65).
• Change blosc2_encode defaults to match blosc2-python (breaking).
• Fix segfault writing JPEG2K with more than 4 samples.
• Fix some codecs returning bytearray by default.
• Fully vendor cfitsio's ricecomp.c.
• Drop support for Python 3.8 and numpy < 1.21 (NEP29).

2023.3.16

• Require libjpeg-turbo 2.1.91 (3.0 beta) and c-blosc2 2.7.1.
• Add experimental type hints.
• Add SZIP codec via libaec library.
• Use Zstd streaming API to decode blocks with unknown decompressed size.
• Remove unused level, index, and numthreads parameters (breaking).
• Make AEC and BLOSC constants enums (breaking).
• Capitalize numcodecs class names (breaking).
• Remove JPEG12 codec (breaking; use JPEG8 instead).
• Encode and decode lossless and 12-bit JPEG with JPEG8 codec by default.
• Remove JPEGSOF3 fallback in JPEG codec.
• Fix slow IFD seeking with libtiff 4.5.

... (truncated)

Commits

• c85049e Release v2023.9.18
• 592e321 Update CHANGES.rst
• d56fa3e Update imagecodecs/imagecodecs.py
• b68c484 Update tests/test_imagecodecs.py
• 827ca67 Update imagecodecs/libtiff.pxd
• 3d0dca3 Update imagecodecs/libwebp.pxd
• 6dee7b5 Update setup.py
• 34e8f33 Update imagecodecs/libdeflate.pxd
• 06d7bde Release v2023.9.4
• c07113f Update CHANGES.rst
• Additional commits viewable in compare view

Updates jinja2 from 3.1.2 to 3.1.4

Release notes

Sourced from jinja2's releases.

3.1.4

This is the Jinja 3.1.4 security release, which fixes security issues and bugs but does not otherwise change behavior and should not result in breaking changes.

PyPI: https://pypi.org/project/Jinja2/3.1.4/ Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-4

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. GHSA-h75v-3vvj-5mfj

3.1.3

This is a fix release for the 3.1.x feature branch.

• Fix for GHSA-h5c8-rqwp-cp95. You are affected if you are using xmlattr and passing user input as attribute keys.
• Changes: https://jinja.palletsprojects.com/en/3.1.x/changes/#version-3-1-3
• Milestone: https://github.com/pallets/jinja/milestone/15?closed=1

Changelog

Sourced from jinja2's changelog.

Version 3.1.4

Released 2024-05-05

• The xmlattr filter does not allow keys with / solidus, > greater-than sign, or = equals sign, in addition to disallowing spaces. Regardless of any validation done by Jinja, user input should never be used as keys to this filter, or must be separately validated first. :ghsa:h75v-3vvj-5mfj

Version 3.1.3

Released 2024-01-10

• Fix compiler error when checking if required blocks in parent templates are empty. :pr:1858
• xmlattr filter does not allow keys with spaces. :ghsa:h5c8-rqwp-cp95
• Make error messages stemming from invalid nesting of {% trans %} blocks more helpful. :pr:1918

Commits

• dd4a8b5 release version 3.1.4
• 0668239 Merge pull request from GHSA-h75v-3vvj-5mfj
• d655030 disallow invalid characters in keys to xmlattr filter
• a7863ba add ghsa links
• b5c98e7 start version 3.1.4
• da3a9f0 update project files (#1968)
• 0ee5eb4 satisfy formatter, linter, and strict mypy
• 20477c6 update project files (#5457)
• e491223 update pyyaml dev dependency
• 36f9885 fix pr link
• Additional commits viewable in compare view

Updates joblib from 1.1.1 to 1.2.0

Changelog

Sourced from joblib's changelog.

Release 1.2.0

• Fix a security issue where eval(pre_dispatch) could potentially run arbitrary code. Now only basic numerics are supported. joblib/joblib#1327

• Make sure that joblib works even when multiprocessing is not available, for instance with Pyodide joblib/joblib#1256

• Avoid unnecessary warnings when workers and main process delete the temporary memmap folder contents concurrently. joblib/joblib#1263

• Fix memory alignment bug for pickles containing numpy arrays. ...

  Description has been truncated

[dependabot]

Superseded by #15.