Skip to content

chore(deps): bump nltk from 3.9.3 to 3.9.4#30

Merged
bartzbeielstein merged 1 commit intomainfrom
dependabot/uv/nltk-3.9.4
Mar 30, 2026
Merged

chore(deps): bump nltk from 3.9.3 to 3.9.4#30
bartzbeielstein merged 1 commit intomainfrom
dependabot/uv/nltk-3.9.4

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Mar 30, 2026
edited
Loading

Bumps nltk from 3.9.3 to 3.9.4.

Changelog

Sourced from nltk's changelog.

Version 3.9.4 2026-03-24

  • Support Python 3.14
  • Fix bug in Levenshtein distance when substitution_cost > 2
  • Fix bug in Treebank detokeniser re quote ordering
  • Fix bug in Jaro similarity for empty strings
  • Several security enhancements
  • Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
  • Implement TextTiling vocabulary introduction method (Hearst 1997)
  • Fix ALINE feature matrix errors and add comprehensive tests
  • Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
  • Let downloader fallback to md5 when sha256 is unavailable
  • Several other minor bugfixes and code cleanups

Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,

Version 3.9.3 2026-02-21

  • Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (#3468)
  • Block path traversal/arbitrary reads in nltk.data for protocol-less refs (#3467)
  • Block path traversal/abs paths in corpus readers and FS pointers (#3479, #3480)
  • Validate external StanfordSegmenter JARs using SHA256 (#3477)
  • Add optional sandbox enforcement for filestring() (#3485)
  • Maintenance: downloader/zipped models, CI/tooling updates

Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith

Version 3.9.2 2025-10-01

  • Update download checksums to use SHA256 in built index
  • Fix percentage escape in new-style string formatting
  • replace shortened URLs using goo.gl
  • Make Wordnet interoperable with various taggers and tagged corpora
  • Fix saving PerceptronTagger
  • Document how to reproduce old Wordnet studies
  • properly initialize Portuguese corpus reader
  • support for mixed rules conversion into Chomsky Normal Form
  • only import tkinter if a GUI is needed
  • issue #2112 with Corenlp
  • new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
  • Lesk defaults to most frequent sense in case of ties

Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion

Version 3.9.1 2024-08-19

... (truncated)

Commits
  • ad9c96b Update copyright year
  • 7edcddf Updates for 3.9.4 release
  • 67a2736 Merge pull request #3180 from yzhaoinuw/bug-on-edit_distance_align
  • 2b17ac5 Fix edit_distance_align backtrace for high substitution costs
  • 4b72976 Merge pull request #3018 from JuanIMartinezB/bug/shortid-longid
  • 8a5619f Merge pull request #3222 from Syzygy2048/feature/texttiling-vocabulary-introd...
  • c6574d7 Merge pull request #3289 from ihitamandal/codeflash/optimize-windowdiff-2024-...
  • 98ff5d9 Merge pull request #3435 from Hrudhai01/fix-3260-detokenize-quotes
  • aec4fce Merge pull request #3522 from ekaf/pathsec
  • eec4ee3 Merge pull request #3526 from nltk/update-contributing
  • Additional commits viewable in compare view

@dependabot dependabot bot added dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code labels Mar 30, 2026
@dependabot dependabot bot force-pushed the dependabot/uv/nltk-3.9.4 branch 2 times, most recently from afba26f to 88722f1 Compare March 30, 2026 17:21
@dependabot
chore(deps): bump nltk from 3.9.3 to 3.9.4
663cc10 
Bumps [nltk](https://github.com/nltk/nltk) from 3.9.3 to 3.9.4.
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.3...3.9.4)

---
updated-dependencies:
- dependency-name: nltk
  dependency-version: 3.9.4
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/uv/nltk-3.9.4 branch from 88722f1 to 663cc10 Compare March 30, 2026 17:23
@bartzbeielstein bartzbeielstein merged commit 747233f into main Mar 30, 2026
6 checks passed
@dependabot dependabot bot deleted the dependabot/uv/nltk-3.9.4 branch March 30, 2026 17:23
bartzbeielstein pushed a commit that referenced this pull request Mar 30, 2026
@semantic-release-bot
chore(release): 0.1.2-rc.1 [skip ci]
0eb95ce 
## <small>0.1.2-rc.1 (2026-03-30)</small>

* Merge branch 'main' into dependabot/uv/authlib-1.6.9 ([068affd](068affd))
* Merge branch 'main' into develop ([54d1b82](54d1b82))
* Merge pull request #24 from sequential-parameter-optimization/dependabot/uv/authlib-1.6.9 ([a108d39](a108d39)), closes [#24](#24)
* Merge pull request #25 from sequential-parameter-optimization/dependabot/github_actions/actions-ffd1 ([4172ca7](4172ca7)), closes [#25](#25)
* Merge pull request #26 from sequential-parameter-optimization/dependabot/uv/requests-2.33.0 ([5975db4](5975db4)), closes [#26](#26)
* Merge pull request #27 from sequential-parameter-optimization/dependabot/pip/python-deps-d0a4681fe4 ([e0a6543](e0a6543)), closes [#27](#27)
* Merge pull request #28 from sequential-parameter-optimization/dependabot/uv/cryptography-46.0.6 ([24f3105](24f3105)), closes [#28](#28)
* Merge pull request #30 from sequential-parameter-optimization/dependabot/uv/nltk-3.9.4 ([747233f](747233f)), closes [#30](#30)
* Merge pull request #32 from sequential-parameter-optimization/dependabot/uv/pygments-2.20.0 ([401b0ce](401b0ce)), closes [#32](#32)
* fix: compressor data and qquartodoc (with README) ([7a4e661](7a4e661))
* chore(deps-dev): update uv-build requirement in the python-deps group ([b0cf6a8](b0cf6a8))
* chore(deps): bump authlib from 1.6.8 to 1.6.9 ([266e37c](266e37c))
* chore(deps): bump cryptography from 46.0.5 to 46.0.6 ([ce97b7c](ce97b7c))
* chore(deps): bump nltk from 3.9.3 to 3.9.4 ([663cc10](663cc10))
* chore(deps): bump pygments from 2.19.2 to 2.20.0 ([9e8ff43](9e8ff43))
* chore(deps): bump requests from 2.32.5 to 2.33.0 ([4eb6f40](4eb6f40))
* chore(deps): bump the actions group across 1 directory with 5 updates ([68c0ae1](68c0ae1))
@bartzbeielstein
Copy link
Copy Markdown
Contributor

bartzbeielstein commented Mar 30, 2026

🎉 This PR is included in version 0.1.2-rc.1 🎉

The release is available on GitHub release

Your semantic-release bot 📦🚀

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python:uv Pull requests that update python:uv code released on @develop

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@bartzbeielstein