Bump the pip group across 2 directories with 21 updates

[dependabot]

Bumps the pip group with 15 updates in the /resources/libraries directory:

Package	From	To
idna	2.10	3.7
joblib	1.0.1	1.4.2
virtualenv	20.4.7	20.26.6
tornado	6.1	6.4.2
gunicorn	20.1.0	23.0.0
pymysql	1.0.2	1.1.1
dgl	0.6.1	2.2.1
keras	2.4.3	3.9.0
lightgbm	3.2.1	4.6.0
luigi	3.0.3	3.6.0
mlflow	1.18.0	2.20.3
onnx	1.9.0	1.17.0
sagemaker	2.47.1	2.237.3
scrapy	2.5.0	2.11.2
streamlit	0.83.0	1.37.0

Bumps the pip group with 19 updates in the /resources/tests directory:

Package	From	To
idna	2.10	3.7
joblib	1.0.1	1.4.2
gunicorn	20.1.0	23.0.0
pymysql	1.0.2	1.1.1
dgl	0.6.1	2.2.1
keras	2.4.3	3.9.0
lightgbm	3.2.1	4.6.0
luigi	3.0.3	3.6.0
mlflow	1.16.0	2.20.3
onnx	1.9.0	1.17.0
sagemaker	2.39.1	2.237.3
scrapy	2.5.0	2.11.2
streamlit	0.81.1	1.37.0
numpy	1.19.5	2.0.2
torch	1.8.1	2.6.0
transformers	4.5.1	4.48.0
jupyter-core	4.7.1	5.7.2
jupyter-server	1.8.0	2.11.2
jupyter-server-proxy	3.0.2	3.2.4

Updates idna from 2.10 to 3.7

Release notes

Sourced from idna's releases.

v3.7

What's Changed

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

Full Changelog: kjd/idna@v3.6...v3.7

Changelog

Sourced from idna's changelog.

3.7 (2024-04-11) ++++++++++++++++

• Fix issue where specially crafted inputs to encode() could take exceptionally long amount of time to process. [CVE-2024-3651]

Thanks to Guido Vranken for reporting the issue.

3.6 (2023-11-25) ++++++++++++++++

• Fix regression to include tests in source distribution.

3.5 (2023-11-24) ++++++++++++++++

• Update to Unicode 15.1.0
• String codec name is now "idna2008" as overriding the system codec "idna" was not working.
• Fix typing error for codec encoding
• "setup.cfg" has been added for this release due to some downstream lack of adherence to PEP 517. Should be removed in a future release so please prepare accordingly.
• Removed reliance on a symlink for the "idna-data" tool to comport with PEP 517 and the Python Packaging User Guide for sdist archives.
• Added security reporting protocol for project

Thanks Jon Ribbens, Diogo Teles Sant'Anna, Wu Tingfeng for contributions to this release.

3.4 (2022-09-14) ++++++++++++++++

• Update to Unicode 15.0.0
• Migrate to pyproject.toml for build information (PEP 621)
• Correct another instance where generic exception was raised instead of IDNAError for malformed input
• Source distribution uses zeroized file ownership for improved reproducibility

Thanks to Seth Michael Larson for contributions to this release.

3.3 (2021-10-13) ++++++++++++++++

• Update to Unicode 14.0.0
• Update to in-line type annotations
• Throw IDNAError exception correctly for some malformed input
• Advertise support for Python 3.10
• Improve testing regime on Github

... (truncated)

Commits

• 1d365e1 Release v3.7
• c1b3154 Merge pull request #172 from kjd/optimize-contextj
• 0394ec7 Merge branch 'master' into optimize-contextj
• cd58a23 Merge pull request #152 from elliotwutingfeng/dev
• 5beb28b More efficient resolution of joiner contexts
• 1b12148 Update ossf/scorecard-action to v2.3.1
• d516b87 Update Github actions/checkout to v4
• c095c75 Merge branch 'master' into dev
• 60a0a4c Fix typo in GitHub Actions workflow key
• 5918a0e Merge branch 'master' into dev
• Additional commits viewable in compare view

Updates joblib from 1.0.1 to 1.4.2

Release notes

Sourced from joblib's releases.

1.4.2

What's Changed

• TST add a test that ensures conservation of byte order during IPC by @​fcharras in joblib/joblib#1562
• DOC fix typos in CHANGES.rst by @​cclauss in joblib/joblib#1571
• DOC typo in docs by @​jmerkow in joblib/joblib#1574
• FIX revert MemorizedFunc.call API change by @​tomMoral in joblib/joblib#1576

New Contributors

• @​jmerkow made their first contribution in joblib/joblib#1574

Full Changelog: joblib/joblib@1.4.0...1.4.2

Joblib 1.4.0

What's Changed

• FIX raise iterator exception in user's thread by @​tomMoral in joblib/joblib#1491
• MAINT: Update byte_bounds import by @​mtsokol in joblib/joblib#1501
• FEA Implement generator unordered parameter by @​fcharras in joblib/joblib#1463
• MAINT: Cleanup expired ndarray methods by @​mtsokol in joblib/joblib#1506
• Fix README cloning url by @​andreaso in joblib/joblib#1508
• Fix README archive download link by @​andreaso in joblib/joblib#1509
• Prefer https:// links in the documentation by @​andreaso in joblib/joblib#1510
• Stricter Dask tests cleanup by @​ogrisel in joblib/joblib#1514
• CLN simplify code for easier read by @​tomMoral in joblib/joblib#1517
• Vendor cloudpickle 3.0.0 and drop support for Python 3.7. by @​ogrisel in joblib/joblib#1515
• MNT Fix Python 3.12 deprecation warning by @​lesteve in joblib/joblib#1518
• FIX _get_items_to_delete raising error when items list empty by @​Dr-Blank in joblib/joblib#1503
• Update dask backend for compatibility with return_as=generator by @​fcharras in joblib/joblib#1520
• DOC: Best randomness with Parallel generators by @​paquiteau in joblib/joblib#1490
• MTN update ci pipelines to use python3.8 + test more pypy versions by @​fcharras in joblib/joblib#1487
• MNT Restart readthedoc pipeline by @​fcharras in joblib/joblib#1524
• FIX Close cleanly distributed Client at the end of unit tests by @​fcharras in joblib/joblib#1526
• Add pytest 8.x compatability by @​mr-c in joblib/joblib#1553
• n_jobs parameter in instantiation of Parallel should be an integer by @​androids-electric-sheep in joblib/joblib#1549
• DOC : updated n_jobs docs in Parallel class by @​Schefflera-Arboricola in joblib/joblib#1537
• CI Fix url for scikit-learn nightly builds by @​jeremiedbb in joblib/joblib#1567
• ENH allow caching coroutine functions by @​gsakkis in joblib/joblib#894
• DOC consistent default formating in doc by @​tomMoral in joblib/joblib#1565
• DOC add gotcha on non-reproducible pickling by @​tomMoral in joblib/joblib#1566
• RELEASE 1.4.0 by @​tomMoral in joblib/joblib#1568

New Contributors

• @​mtsokol made their first contribution in joblib/joblib#1501
• @​andreaso made their first contribution in joblib/joblib#1508
• @​Dr-Blank made their first contribution in joblib/joblib#1503
• @​paquiteau made their first contribution in joblib/joblib#1490
• @​mr-c made their first contribution in joblib/joblib#1553
• @​androids-electric-sheep made their first contribution in joblib/joblib#1549
• @​Schefflera-Arboricola made their first contribution in joblib/joblib#1537
• @​gsakkis made their first contribution in joblib/joblib#894

... (truncated)

Changelog

Sourced from joblib's changelog.

Release 1.4.2 -- 2024/05/02

Due to maintenance issues, 1.4.1 was not valid and we bumped the version to 1.4.2

• Fix a backward incompatible change in MemorizedFunc.call which needs to return the metadata. Also make sure that NotMemorizedFunc.call return an empty dict for metadata for consistency. joblib/joblib#1576

Release 1.4.0 -- 2024/04/08

• Allow caching co-routines with Memory.cache. joblib/joblib#894

• Try to cast n_jobs to int in parallel and raise an error if it fails. This means that n_jobs=2.3 will now result in effective_n_jobs=2 instead of failing. joblib/joblib#1539

• Ensure that errors in the task generator given to Parallel's call are raised in the results consumming thread. joblib/joblib#1491

• Adjust codebase to NumPy 2.0 by changing np.NaN to np.nan and importing byte_bounds from np.lib.array_utils. joblib/joblib#1501

• The parameter return_as in joblib.Parallel can now be set to generator_unordered. In this case the results will be returned in the order of task completion rather than the order of submission. joblib/joblib#1463

• dask backend now supports return_as=generator and return_as=generator_unordered. joblib/joblib#1520

• Vendor cloudpickle 3.0.0 and end support for Python 3.7 which has reached end of life. joblib/joblib#1487 joblib/joblib#1515

Release 1.3.2 -- 2023/08/08

• Fix a regression in joblib.Parallel introduced in 1.3.0 where explicitly setting n_jobs=None was not interpreted as "unset".

... (truncated)

Commits

• d46857a RELEASE 1.4.2 - bugfix release (#1579)
• 1787fb7 MTN back to dev mode
• 118ad37 RELEASE 1.4.1 - bugfix release (#1578)
• 398d8ee FIX revert MemorizedFunc.call API change (#1576)
• 2be8dcd DOC fix return_as="generator_unordered" in docs (#1574)
• 4db39eb CLN fix spelling typo with codespell (#1571)
• 1b0d1f4 TST add a non-regression test ensuring conservation of byte order during IPC ...
• 59659e0 MTN remove deprecated bytes_limit (#1569)
• f57a721 MTN handle changes from master->main + remove master process terminology
• ba1d3da MTN back to dev mode
• Additional commits viewable in compare view

Updates virtualenv from 20.4.7 to 20.26.6

Release notes

Sourced from virtualenv's releases.

20.26.6

What's Changed

• release 20.26.5 by @​gaborbernat in pypa/virtualenv#2766
• Fix #2768: Quote template strings in activation scripts by @​y5c4l3 in pypa/virtualenv#2771

New Contributors

• @​y5c4l3 made their first contribution in pypa/virtualenv#2771

Full Changelog: pypa/virtualenv@20.26.5...20.26.6

20.26.5

What's Changed

• release 20.26.4 by @​gaborbernat in pypa/virtualenv#2761
• Use uv over pip by @​gaborbernat in pypa/virtualenv#2765

Full Changelog: pypa/virtualenv@20.26.4...20.26.5

20.26.4

What's Changed

• release 20.26.3 by @​gaborbernat in pypa/virtualenv#2742
• Fix whitespace around backticks in changelog by @​edmorley in pypa/virtualenv#2751
• Test latest Python 3.13 by @​hugovk in pypa/virtualenv#2752
• Fix typo in Nushell activation script by @​edmorley in pypa/virtualenv#2754
• GitHub Actions: Replace deprecated macos-12 with macos-13 by @​hugovk in pypa/virtualenv#2756
• Fix #2728: Activating venv create unwanted console output by @​ShootGan in pypa/virtualenv#2748
• Upgrade bundled wheels by @​gaborbernat in pypa/virtualenv#2760

New Contributors

• @​ShootGan made their first contribution in pypa/virtualenv#2748

Full Changelog: pypa/virtualenv@20.26.3...20.26.4

20.26.3

What's Changed

• release 20.26.2 by @​gaborbernat in pypa/virtualenv#2724
• Bump embeded wheels by @​gaborbernat in pypa/virtualenv#2741

Full Changelog: pypa/virtualenv@20.26.2...20.26.3

20.26.2

... (truncated)

Changelog

Sourced from virtualenv's changelog.

v20.26.6 (2024-09-27)

Bugfixes - 20.26.6

- Properly quote string placeholders in activation script templates to mitigate
  potential command injection - by :user:`y5c4l3`. (:issue:`2768`)
v20.26.5 (2024-09-17)
Bugfixes - 20.26.5

• Upgrade embedded wheels: setuptools to 75.1.0 from 74.1.2 - by :user:gaborbernat. (:issue:2765)

v20.26.4 (2024-09-07)

Bugfixes - 20.26.4

- no longer create `()` output in console during activation of a virtualenv by .bat file. (:issue:`2728`)
- Upgrade embedded wheels:

wheel to 0.44.0 from 0.43.0
pip to 24.2 from 24.1
setuptools to 74.1.2 from 70.1.0 (:issue:2760)

v20.26.3 (2024-06-21)
Bugfixes - 20.26.3

• Upgrade embedded wheels:

  • setuptools to 70.1.0 from 69.5.1
  • pip to 24.1 from 24.0 (:issue:2741)

v20.26.2 (2024-05-13)

Bugfixes - 20.26.2

- ``virtualenv.pyz`` no longer fails when zipapp path contains a symlink - by :user:`HandSonic` and :user:`petamas`. (:issue:`1949`)
- Fix bad return code from activate.sh if hashing is disabled - by :user:'fenkes-ibm'. (:issue:`2717`)
v20.26.1 (2024-04-29)
Bugfixes - 20.26.1

... (truncated)

Commits

• ec04726 release 20.26.6
• 86ddded Fix #2768: Quote template strings in activation scripts (#2771)
• 6bb3f62 [pre-commit.ci] pre-commit autoupdate (#2769)
• 220d49c Bump pypa/gh-action-pypi-publish from 1.10.1 to 1.10.2 (#2767)
• cf340c8 Merge pull request #2766 from pypa/release-20.26.5
• f3172b4 release 20.26.5
• 22b9795 Use uv over pip (#2765)
• 35d8269 [pre-commit.ci] pre-commit autoupdate (#2764)
• ee77feb [pre-commit.ci] pre-commit autoupdate (#2763)
• c516056 Update README.md
• Additional commits viewable in compare view

Updates tornado from 6.1 to 6.4.2

Changelog

Sourced from tornado's changelog.

Release notes

.. toctree:: :maxdepth: 2

releases/v6.4.2 releases/v6.4.1 releases/v6.4.0 releases/v6.3.3 releases/v6.3.2 releases/v6.3.1 releases/v6.3.0 releases/v6.2.0 releases/v6.1.0 releases/v6.0.4 releases/v6.0.3 releases/v6.0.2 releases/v6.0.1 releases/v6.0.0 releases/v5.1.1 releases/v5.1.0 releases/v5.0.2 releases/v5.0.1 releases/v5.0.0 releases/v4.5.3 releases/v4.5.2 releases/v4.5.1 releases/v4.5.0 releases/v4.4.3 releases/v4.4.2 releases/v4.4.1 releases/v4.4.0 releases/v4.3.0 releases/v4.2.1 releases/v4.2.0 releases/v4.1.0 releases/v4.0.2 releases/v4.0.1 releases/v4.0.0 releases/v3.2.2 releases/v3.2.1 releases/v3.2.0 releases/v3.1.1 releases/v3.1.0 releases/v3.0.2 releases/v3.0.1 releases/v3.0.0 releases/v2.4.1 releases/v2.4.0

... (truncated)

Commits

• a5ecfab Bump version to 6.4.2
• bc7df6b Fix tests with Twisted 24.7.0
• d5ba4a1 httputil: Fix quadratic performance of cookie parsing
• 2a0e1d1 Merge pull request #3388 from bdarnell/release-641
• b7af4e8 Release notes and version bump for version 6.4.1
• d65f6e7 Merge pull request #3387 from bdarnell/chunked-parsing
• 8d721a8 httputil: Only strip tabs and spaces from header values
• 7786f09 Merge pull request #3386 from bdarnell/curl-crlf
• fb119c7 http1connection: Stricter handling of transfer-encoding
• b0ffc58 curl_httpclient,http1connection: Prohibit CR and LF in headers
• Additional commits viewable in compare view

Updates gunicorn from 20.1.0 to 23.0.0

Release notes

Sourced from gunicorn's releases.

23.0.0

Gunicorn 23.0.0 has been released. This version improve HTTP 1.1. support and which improve safety

You're invited to upgrade asap your own installation.

23.0.0 - 2024-08-10

• minor docs fixes (:pr:3217, :pr:3089, :pr:3167)
• worker_class parameter accepts a class (:pr:3079)
• fix deadlock if request terminated during chunked parsing (:pr:2688)
• permit receiving Transfer-Encodings: compress, deflate, gzip (:pr:3261)
• permit Transfer-Encoding headers specifying multiple encodings. note: no parameters, still (:pr:3261)
• sdist generation now explicitly excludes sphinx build folder (:pr:3257)
• decode bytes-typed status (as can be passed by gevent) as utf-8 instead of raising TypeError (:pr:2336)
• raise correct Exception when encounting invalid chunked requests (:pr:3258)
• the SCRIPT_NAME and PATH_INFO headers, when received from allowed forwarders, are no longer restricted for containing an underscore (:pr:3192)
• include IPv6 loopback address [::1] in default for :ref:forwarded-allow-ips and :ref:proxy-allow-ips (:pr:3192)

** NOTE **

• The SCRIPT_NAME change mitigates a regression that appeared first in the 22.0.0 release
• Review your :ref:forwarded-allow-ips setting if you are still not seeing the SCRIPT_NAME transmitted
• Review your :ref:forwarder-headers setting if you are missing headers after upgrading from a version prior to 22.0.0

** Breaking changes **

• refuse requests where the uri field is empty (:pr:3255)
• refuse requests with invalid CR/LR/NUL in heade field values (:pr:3253)
• remove temporary --tolerate-dangerous-framing switch from 22.0 (:pr:3260)
• If any of the breaking changes affect you, be aware that now refused requests can post a security problem, especially so in setups involving request pipe-lining and/or proxies.

Fix CVE-2024-1135

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
</tr></table>

... (truncated)

Commits

• 411986d fix doc
• 334392e Merge pull request #2559 from laggardkernel/bugfix/reexec-env
• e75c353 Merge pull request #3189 from pajod/patch-py36
• 9357b28 keep document user in access_log_format setting
• 79fdef0 bump to 23.0.0
• 3acd9fb Merge pull request #2620 from talkerbox/improve-access-log-format-docs
• 3f56d76 Merge pull request #3192 from pajod/patch-allowed-script-name
• 256d474 docs: revert duped directive
• ffa48b5 test: default change was intentional
• 52538ca docs: recommend SCRIPT_NAME=/subfolder
• Additional commits viewable in compare view

Updates pymysql from 1.0.2 to 1.1.1

Release notes

Sourced from pymysql's releases.

v1.1.1

[!WARNING] This release fixes a vulnerability (CVE-2024-36039). All users are recommended to update to this version.

If you can not update soon, check the input value from untrusted source has an expected type. Only dict input from untrusted source can be an attack vector.

What's Changed

• Prohibit dict parameter for Cursor.execute(). It didn't produce valid SQL and might cause SQL injection. (CVE-2024-36039)
• Added ssl_key_password param by @​svaskov in PyMySQL/PyMySQL#1145

Merged PRs

• Add support for Python 3.12 by @​hugovk in PyMySQL/PyMySQL#1134
• chore(deps): update actions/checkout action to v4 by @​renovate in PyMySQL/PyMySQL#1136
• Update codecov/codecov-action action to v4 by @​renovate in PyMySQL/PyMySQL#1137
• ci: use codecov@v3 by @​methane in PyMySQL/PyMySQL#1142
• chore(deps): update dessant/lock-threads action to v5 by @​renovate in PyMySQL/PyMySQL#1141
• doc: use rtd theme by @​methane in PyMySQL/PyMySQL#1143
• use Ruff as formatter by @​methane in PyMySQL/PyMySQL#1144
• chore(deps): update dependency sphinx-rtd-theme to v2 by @​renovate in PyMySQL/PyMySQL#1147
• chore(deps): update actions/setup-python action to v5 by @​renovate in PyMySQL/PyMySQL#1152
• chore(deps): update github/codeql-action action to v3 by @​renovate in PyMySQL/PyMySQL#1154
• chore(deps): update codecov/codecov-action action to v4 by @​renovate in PyMySQL/PyMySQL#1158
• Support error packet without sqlstate by @​methane in PyMySQL/PyMySQL#1160
• test json - mariadb without JSON type by @​grooverdan in PyMySQL/PyMySQL#1165

New Contributors

• @​hugovk made their first contribution in PyMySQL/PyMySQL#1134
• @​svaskov made their first contribution in PyMySQL/PyMySQL#1145

Full Changelog: PyMySQL/PyMySQL@v1.1.0...v1.1.1

v1.1.0

What's Changed

• Remove redundant wheel dep from pyproject.toml by @​mgorny in PyMySQL/PyMySQL#1099
• ci: Fix black options by @​methane in PyMySQL/PyMySQL#1109
• Remove unused function by @​methane in PyMySQL/PyMySQL#1108
• Expose Cursor.warning_count by @​Nothing4You in PyMySQL/PyMySQL#1056
• Add constants and tests related to query timeouts by @​Nothing4You in PyMySQL/PyMySQL#1033
• Fix SSCursor raising query timeout error on wrong query on MySQL DB by @​Nothing4You in PyMySQL/PyMySQL#1035
• Make Cursor an iterator by @​sanchezg in PyMySQL/PyMySQL#995
• ci: Update CodeQL workflow by @​methane in PyMySQL/PyMySQL#1110
• Use Ruff instead of flake8 by @​methane in PyMySQL/PyMySQL#1112
• Use Codecov instead of coveralls. by @​methane in PyMySQL/PyMySQL#1113
• optionfile: Replace _ with - by @​methane in PyMySQL/PyMySQL#1114
• Cursor.fetchall() always return list. by @​methane in PyMySQL/PyMySQL#1115

... (truncated)

Changelog

Sourced from pymysql's changelog.

v1.1.1

Release date: 2024-05-21

[!WARNING] This release fixes a vulnerability (CVE-2024-36039). All users are recommended to update to this version.

If you can not update soon, check the input value from untrusted source has an expected type. Only dict input from untrusted source can be an attack vector.

• Prohibit dict parameter for Cursor.execute(). It didn't produce valid SQL and might cause SQL injection. (CVE-2024-36039)
• Added ssl_key_password param. #1145

v1.1.0

Release date: 2023-06-26

• Fixed SSCursor raising OperationalError for query timeouts on wrong statement (#1032)
• Exposed Cursor.warning_count to check for warnings without additional query (#1056)
• Make Cursor iterator (#995)
• Support '_' in key name in my.cnf (#1114)
• Cursor.fetchall() returns empty list instead of tuple (#1115). Note that Cursor.fetchmany() still return empty tuple after reading all rows for compatibility with Django.
• Deprecate Error classes in Cursor class (#1117)
• Add Connection.set_character_set(charset, collation=None). This method is compatible with mysqlclient. (#1119)
• Deprecate Connection.set_charset(charset) (#1119)
• New connection always send "SET NAMES charset [COLLATE collation]" query. (#1119) Since collation table is vary on MySQL server versions, collation in handshake is fragile.
• Support charset="utf8mb3" option (#1127)

v1.0.3

Release date: 2023-03-28

• Dropped support of end of life MySQL version 5.6
• Dropped support of end of life MariaDB versions below 10.3
• Dropped support of end of life Python version 3.6
• Removed _last_executed because of duplication with _executed by @​rajat315315 in PyMySQL/PyMySQL#948
• Fix generating authentication response with long strings by @​netch80 in PyMySQL/PyMySQL#988
• update pymysql.constants.CR by @​Nothing4You in PyMySQL/PyMySQL#1029
• Document that the ssl connection parameter can be an SSLContext by @​cakemanny in PyMySQL/PyMySQL#1045
• Raise ProgrammingError on -np.inf in addition to np.inf by @​cdcadman in PyMySQL/PyMySQL#1067
• Use Python 3.11 release instead of -dev in tests by @​Nothing4You in PyMySQL/PyMySQL#1076

Commits

• 2cab9ec v1.1.1
• 521e400 forbid dict parameter
• 7f032a6 remove coveralls from requirements
• 69f6c74 ruff format
• b4ed688 test json - mariadb without JSON type (#1165)
• bbd049f Support error packet without sqlstate (#1160)
• 9694747 pyupgrade
• 1f0b785 chore(deps): update codecov/codecov-action action to v4 (#1158)
• 1e28be8 chore(deps): update github/codeql-action action to v3 (#1154)
• f13f054 chore(deps): update actions/setup-python action to v5 (#1152)
• Additional commits viewable in compare view

Updates dgl from 0.6.1 to 2.2.1

Release notes

Sourced from dgl's releases.

v2.2.1

We're thrilled to announce the release of DGL 2.2.1. 🎉🎉🎉

Major Changes

• The supported PyTorch versions are 2.1.0/1/2, 2.2.0/1/2, 2.3.0. See install command here.
• MiniBatch in GraphBolt is refactored: seed_nodes and node_paris are replaced with unified seeds attribute through out the pipeline. Refer to the latest examples for more details. by @​yxy235
• GraphBolt sampling is enabled in DistGL for node classification. See examples here.
• [GraphBolt] Optimize hetero sampling on CPU by @​RamonZhou in dmlc/dgl#7360
• [GraphBolt] torch.compile() support for gb.expand_indptr. by @​mfbalin in dmlc/dgl#7188
• [GraphBolt] Make unique_and_compact deterministic by @​RamonZhou in dmlc/dgl#7217, #7239
• [GraphBolt] Hyperlink support in subgraph_sampler. by @​yxy235 in dmlc/dgl#7354
• [GraphBolt] More features of dgl.dataloading.LaborSampler in gb.LayerNeighborSampler, added layer_dependency and batch_dependency parameters. #7205, #7208, #7212, #7220 by @​mfbalin
• [GraphBolt][CUDA] Faster GPU neighbor sampling and compaction kernels. #7239, #7215 by @​mfbalin
• [GraphBolt][CUDA] Better hetero CPU&GPU performance via fused kernels. #7223, #7312 by @​mfbalin
• [GraphBolt][CUDA] GPU synchronizations eliminated throughout the sampling pipeline. #7240, #7264 by @​mfbalin

Bug Fixes

• [DistGB] revert toindex() but refine tests by @​Rhett-Ying in dmlc/dgl#7197
• [GraphBolt] PyG advanced example torch.compile() bug workaround. by @​mfbalin in dmlc/dgl#7259
• [CUDA][Bug] CSR transpose bug in CUDA 12 by @​mfbalin in dmlc/dgl#7295
• [Determinism] Enable environment var to use cusparse spmm deterministic algorithm by @​TristonC in dmlc/dgl#7310

New Contributors

• @​Chaos-Hu-edu made their first contribution in dmlc/dgl#7219
• @​MikuSugar made their first contribution in dmlc/dgl#7258
• @​pyynb made their first contribution in dmlc/dgl#7267

Full Changelog: dmlc/dgl@v2.1.0...v2.2.1

v2.1.0

We're thrilled to announce the release of DGL 2.1.0. 🎉🎉🎉

Major Changes:

1. CUDA backend of GraphBolt is now available. Thanks @​mfbalin for the extraordinary effort. See the updated examples.
2. PyTorch 1.13 is not supported any more. The supported PyTorch versions are 2.0.0/1, 2.1.0/1/2, 2.2.0/1.
3. CUDA 11.6 is not supported any more. The supported CUDA versions are 11.7, 11.8, 12.1.
4. Data loading performance improvements via pipeline parallelism in #7039 and #6954, see the new gb.DataLoader parameters.
5. Miscellaneous operation/kernel optimizations.
6. Add support for converting sampling output of GraphBolt to PyG data format and train with PyG models seamlessly: examples.

Bug Fixes

• [Grapbolt] Negative node pairs should be 2D by @​peizhou001 in dmlc/dgl#6951
• [GraphBolt] Fix fanouts setting in rgcn example by @​RamonZhou in dmlc/dgl#6959
• [GraphBolt] fix random generator for shuffle among all workers by @​Rhett-Ying in dmlc/dgl#6982
• [GraphBolt] fix preprocess issue for single ntype/etype graph by @​Rhett-Ying in dmlc/dgl#7011
• [GraphBolt] Fix gpu NegativeSampler for seeds. by @​yxy235 in dmlc/dgl#7068
• [GraphBolt][CUDA] Fix link prediction early-stop. by @​mfbalin in dmlc/dgl#7083

New Examples

• [Feature] ARGO: an easy-to-use runtime to improve GNN training performance on multi-core processors by @​jasonlin316 in dmlc/dgl#7003

... (truncated)

Commits

• 2a1ac58 [release] bump version to 2.2.1 (#7389)
• 1b5c02c [release] cherry-pick from master and release for 2.2.1 (#7388)
• 8873fb2 [release] update version (#7373)
• f0213d2 [GraphBolt] Refactor sampling (#7367)
• 6b140f2 [GraphBolt] Hetero CPU sampling bug fix. (#7369)
• 0d9a09d [graphbolt] Disable liburing (#7366)
• 658b208 [GraphBolt] Optimize hetero sampling on CPU (#7360)
• 9090a87 [GraphBolt] Hyperlink support in subgraph_sampler. (#7354)
• ce37a93 [Temporal] Add link prediction example (#7347)
• 0de1de3 [dev] upgrade minimum required torch version to 2.0.0 (#7358)
• Additional commits viewable in compare view

Updates keras from 2.4.3 to 3.9.0

Release notes

Sourced from keras's releases.

Keras 3.9.0

New features

• Add new Keras rematerialization API: keras.RematScope and keras.remat. It can be used to turn on rematerizaliation for certain layers in fine-grained manner, e.g. only for layers larger than a certain size, or for a specific set of layers, or only for activations.
• Increase op coverage for OpenVINO backend.
• New operations:
  • keras.ops.rot90
  • keras.ops.rearrange (Einops-style)
  • keras.ops.signbit
  • keras.ops.polar
  • keras.ops.image.perspective_transform
  • keras.ops.image.gaussian_blur
• New layers:
  • keras.layers.RMSNormalization
  • keras.layers.AugMix
  • keras.layers.CutMix
  • keras.layers.RandomInvert
  • keras.layers.RandomErasing
  • keras.layers.RandomGaussianBlur
  • keras.layers.RandomPerspective
• Minor additions:
  • Add support for dtype argument to JaxLayer and FlaxLayer layers
  • Add boolean input support to BinaryAccuracy metric
  • Add antialias argument to keras.layers.Resizing layer.
• Security fix: disallow object pickling in saved npz model files (numpy format). Thanks to Peng Zhou for reporting the vulnerability.

New Contributors

• @​harshaljanjani made their first contribution in keras-team/keras#20745
• @​doncarlos999 made their first contribution in keras-team/keras#20641
• @​sonali-kumari1 made their first contribution in keras-team/keras#20775
• @​jurca made their first contribution in keras-team/keras#20810
• @​zskendall made their first contribution in keras-team/keras#20805
• @​apehex made their first contribution in keras-team/keras#20803
• @​nikolasavic3 made their first contribution in keras-te...

  Description has been truncated

  Summary by Sourcery

  Update pip package dependencies across multiple directories, upgrading 15-19 packages to their latest versions

  New Features:

  • Upgrade multiple Python packages to their latest versions, including security and feature updates

  Enhancements:

  • Systematically update package versions in libraries and test requirements files
  • Ensure compatibility with the latest package releases

[sourcery-ai]

Reviewer's Guide by Sourcery

This pull request updates multiple Python package dependencies in the /resources/libraries and /resources/tests directories by modifying the corresponding requirements files. The updates include security fixes, new features, and performance improvements.

No diagrams generated as the changes look simple and do not need a visual representation.

File-Level Changes

Change	Details	Files
Bumped the versions of multiple Python packages in the /resources/libraries directory.	Updated idna from 2.10 to 3.7. Updated joblib from 1.0.1 to 1.4.2. Updated virtualenv from 20.4.7 to 20.26.6. Updated tornado from 6.1 to 6.4.2. Updated gunicorn from 20.1.0 to 23.0.0. Updated pymysql from 1.0.2 to 1.1.1. Updated dgl from 0.6.1 to 2.2.1. Updated keras from 2.4.3 to 3.9.0. Updated lightgbm from 3.2.1 to 4.6.0. Updated luigi from 3.0.3 to 3.6.0. Updated mlflow from 1.18.0 to 2.20.3. Updated onnx from 1.9.0 to 1.17.0. Updated sagemaker from 2.47.1 to 2.237.3. Updated scrapy from 2.5.0 to 2.11.2. Updated streamlit from 0.83.0 to 1.37.0.	resources/libraries/requirements-full.txt resources/libraries/requirements-minimal.txt
Bumped the versions of multiple Python packages in the /resources/tests directory.	Updated idna from 2.10 to 3.7. Updated joblib from 1.0.1 to 1.4.2. Updated gunicorn from 20.1.0 to 23.0.0. Updated pymysql from 1.0.2 to 1.1.1. Updated dgl from 0.6.1 to 2.2.1. Updated keras from 2.4.3 to 3.9.0. Updated lightgbm from 3.2.1 to 4.6.0. Updated luigi from 3.0.3 to 3.6.0. Updated mlflow from 1.16.0 to 2.20.3. Updated onnx from 1.9.0 to 1.17.0. Updated sagemaker from 2.39.1 to 2.237.3. Updated scrapy from 2.5.0 to 2.11.2. Updated streamlit from 0.81.1 to 1.37.0. Updated numpy from 1.19.5 to 2.0.2. Updated torch from 1.8.1 to 2.6.0. Updated transformers from 4.5.1 to 4.48.0. Updated jupyter-core from 4.7.1 to 5.7.2. Updated jupyter-server from 1.8.0 to 2.11.2. Updated jupyter-server-proxy from 3.0.2 to 3.2.4.	resources/tests/requirements-full-updated.txt

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!
• Generate a plan of action for an issue: Comment @sourcery-ai plan on
  an issue to generate a plan of action for it.

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR.
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[sourcery-ai]

We have skipped reviewing this pull request. It seems to have been created by a bot (hey, dependabot[bot]!). We assume it knows what it's doing!