Skip to content

Bump the pip group across 5 directories with 9 updates#1

Open
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/PyTorch/SpeechSynthesis/FastPitch/triton/pip-c536fe71ba
Open

Bump the pip group across 5 directories with 9 updates#1
dependabot[bot] wants to merge 1 commit into
masterfrom
dependabot/pip/PyTorch/SpeechSynthesis/FastPitch/triton/pip-c536fe71ba

Conversation

@dependabot
Copy link
Copy Markdown

@dependabot dependabot Bot commented on behalf of github Jun 5, 2026

Bumps the pip group with 1 update in the /PyTorch/SpeechSynthesis/FastPitch/triton directory: onnx.
Bumps the pip group with 2 updates in the /PyTorch/SpeechSynthesis/Tacotron2/trtis_cpp/src/trt directory: onnx and torch.
Bumps the pip group with 1 update in the /TensorFlow/Recommendation/WideAndDeep directory: pyspark.
Bumps the pip group with 3 updates in the /TensorFlow2/Segmentation/nnUNet directory: tqdm, joblib and scikit-learn.
Bumps the pip group with 3 updates in the /Tools/PyTorch/TimeSeriesPredictionPlatform directory: py7zr, mlflow and gdown.

Updates onnx from 1.8.0 to 1.21.0

Release notes

Sourced from onnx's releases.

v1.21.0

ONNX v1.21.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

What's Changed

Breaking Changes and Deprecations

Spec and Operator

Reference Implementation

Utilities and Tools

Build, CI and Tests

... (truncated)

Commits

Updates onnx from 1.5.0 to 1.21.0

Release notes

Sourced from onnx's releases.

v1.21.0

ONNX v1.21.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

What's Changed

Breaking Changes and Deprecations

Spec and Operator

Reference Implementation

Utilities and Tools

Build, CI and Tests

... (truncated)

Commits

Updates torch from 1.3.0 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

Highlights

... (truncated)

Changelog

Sourced from torch's changelog.

Releasing PyTorch

Release Compatibility Matrix

Following is the Release Compatibility Matrix for PyTorch releases:

... (truncated)

Commits
  • ba56102 Cherrypick: Add the RunLLM widget to the website (#159592)
  • c525a02 [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (#15...
  • a1cb3cc [Release Only] Remove nvshmem from list of preload libraries (#158925)
  • c76b235 Move out super large one off foreach_copy test (#158880)
  • 20a0e22 Revert "[Dynamo] Allow inlining into AO quantization modules (#152934)" (#158...
  • 9167ac8 [MPS] Switch Cholesky decomp to column wise (#158237)
  • 5534685 [MPS] Reimplement tri[ul] as Metal shaders (#158867)
  • d19e08d Cherry pick PR 158746 (#158801)
  • a6c044a [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...
  • 620ebd0 [Dynamo] Use proper sources for constructing dataclass defaults (#158689)
  • Additional commits viewable in compare view

Updates pyspark from 3.1.3 to 3.3.2

Commits
  • 5103e00 Preparing Spark release v3.3.2-rc1
  • 307ec98 [MINOR][SS] Fix setTimeoutTimestamp doc
  • 7205567 [SPARK-40819][SQL][FOLLOWUP] Update SqlConf version for nanosAsLong configura...
  • 3ec9b05 [SPARK-40819][SQL][3.3] Timestamp nanos behaviour regression
  • 51ed6ba [SPARK-41962][MINOR][SQL] Update the order of imports in class SpecificParque...
  • 17b7123 [SPARK-42346][SQL] Rewrite distinct aggregates after subquery merge
  • cdb494b [SPARK-42344][K8S] Change the default size of the CONFIG_MAP_MAXSIZE
  • 2d539c5 [SPARK-41554] fix changing of Decimal scale when scale decreased by m…
  • 6e0dfa9 [MINOR][DOCS][PYTHON][PS] Fix the .groupby() method docstring
  • 80e8df1 [SPARK-42259][SQL] ResolveGroupingAnalytics should take care of Python UDAF
  • Additional commits viewable in compare view

Updates tqdm from 4.62 to 4.66.3

Release notes

Sourced from tqdm's releases.

tqdm v4.66.3 stable

tqdm v4.66.2 stable

  • pandas: add DataFrame.progress_map (#1549)
  • notebook: fix HTML padding (#1506)
  • keras: fix resuming training when verbose>=2 (#1508)
  • fix format_num negative fractions missing leading zero (#1548)
  • fix Python 3.12 DeprecationWarning on import (#1519)
  • linting: use f-strings (#1549)
  • update tests (#1549)
  • CI: bump actions (#1549)

tqdm v4.66.1 stable

  • fix utils.envwrap types (#1493 <- #1491, #1320 <- #966, #1319)
    • e.g. cloudwatch & kubernetes workaround: export TQDM_POSITION=-1
  • drop mentions of unsupported Python versions

tqdm v4.66.0 stable

  • environment variables to override defaults (TQDM_*) (#1491 <- #1061, #950 <- #614, #1318, #619, #612, #370)
    • e.g. in CI jobs, export TQDM_MININTERVAL=5 to avoid log spam
    • add tests & docs for tqdm.utils.envwrap
  • fix & update CLI completion
  • fix & update API docs
  • minor code tidy: replace os.path => pathlib.Path
  • fix docs image hosting
  • release with CI bot account again (cli/cli#6680)

tqdm v4.65.2 stable

  • exclude examples from distributed wheel (#1492)

tqdm v4.65.1 stable

  • migrate setup.{cfg,py} => pyproject.toml (#1490)
    • fix asv benchmarks
    • update docs
  • fix snap build (#1490)
  • fix & update tests (#1490)
    • fix flaky notebook tests
    • bump pre-commit
    • bump workflow actions

tqdm v4.65.0 stable

  • add Python 3.11 and drop Python 3.6 support (#1439, #1419, #502 <- #720, #620)
  • misc code & docs tidy
  • fix & update CI workflows & tests

tqdm v4.64.1 stable

... (truncated)

Commits

Updates joblib from 0.16.0 to 1.2.0

Changelog

Sourced from joblib's changelog.

Release 1.2.0

  • Fix a security issue where eval(pre_dispatch) could potentially run arbitrary code. Now only basic numerics are supported. joblib/joblib#1327

  • Make sure that joblib works even when multiprocessing is not available, for instance with Pyodide joblib/joblib#1256

  • Avoid unnecessary warnings when workers and main process delete the temporary memmap folder contents concurrently. joblib/joblib#1263

  • Fix memory alignment bug for pickles containing numpy arrays. This is especially important when loading the pickle with mmap_mode != None as the resulting numpy.memmap object would not be able to correct the misalignment without performing a memory copy. This bug would cause invalid computation and segmentation faults with native code that would directly access the underlying data buffer of a numpy array, for instance C/C++/Cython code compiled with older GCC versions or some old OpenBLAS written in platform specific assembly. joblib/joblib#1254

  • Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+.

  • Vendor loky 3.3.0 which fixes several bugs including:

    • robustly forcibly terminating worker processes in case of a crash (joblib/joblib#1269);

    • avoiding leaking worker processes in case of nested loky parallel calls;

    • reliability spawn the correct number of reusable workers.

Release 1.1.1

  • Fix a security issue where eval(pre_dispatch) could potentially run arbitrary code. Now only basic numerics are supported. joblib/joblib#1327

Release 1.1.0

  • Fix byte order inconsistency issue during deserialization using joblib.load

... (truncated)

Commits
  • 5991350 Release 1.2.0
  • 3fa2188 MAINT cleanup numpy warnings related to np.matrix in tests (#1340)
  • cea26ff CI test the future loky-3.3.0 branch (#1338)
  • 8aca6f4 MAINT: remove pytest.warns(None) warnings in pytest 7 (#1264)
  • 067ed4f XFAIL test_child_raises_parent_exits_cleanly with multiprocessing (#1339)
  • ac4ebd5 MAINT add back pytest warnings plugin (#1337)
  • a23427d Test child raises parent exits cleanly more reliable on macos (#1335)
  • ac09691 [MAINT] various test updates (#1334)
  • 4a314b1 Vendor loky 3.2.0 (#1333)
  • bdf47e9 Make test_parallel_with_interactively_defined_functions_default_backend timeo...
  • Additional commits viewable in compare view

Updates scikit-learn from 0.23.2 to 1.5.0

Release notes

Sourced from scikit-learn's releases.

Scikit-learn 1.5.0

We're happy to announce the 1.5.0 release.

You can read the release highlights under https://scikit-learn.org/stable/auto_examples/release_highlights/plot_release_highlights_1_5_0.html and the long version of the change log under https://scikit-learn.org/stable/whats_new/v1.5.html

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

Scikit-learn 1.4.2

We're happy to announce the 1.4.2 release.

This release only includes support for numpy 2.

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

Scikit-learn 1.4.1.post1

We're happy to announce the 1.4.1.post1 release.

You can see the changelog here: https://scikit-learn.org/stable/whats_new/v1.4.html#version-1-4-1-post1

This version supports Python versions 3.9 to 3.12.

You can upgrade with pip as usual:

pip install -U scikit-learn

The conda-forge builds can be installed using:

conda install -c conda-forge scikit-learn

... (truncated)

Commits

Updates py7zr from 0.15.0 to 0.20.2

Release notes

Sourced from py7zr's releases.

v0.20.2: Fix bad path checker

No release notes provided.

Release v0.20.0

No release notes provided.

v0.19.2: Security fix backport

Backport secuirty fix and improvements from v0.20.2

v0.19.0

No release notes provided.

v0.18.2: secuirty fix backport

Backport secuirty fix and improvements from v0.20.2

v0.18.10

No release notes provided.

v0.18.9

No release notes provided.

v0.18.7

No release notes provided.

v0.18.6

No release notes provided.

v0.18.5

No release notes provided.

v0.18.4

No release notes provided.

v0.18.3

No release notes provided.

v0.18.1

No release notes provided.

v0.18.0

No release notes provided.

v0.17.4

No release notes provided.

v0.17.3

No release notes provided.

v0.17.2

No release notes provided.

... (truncated)

Changelog

Sourced from py7zr's changelog.

v0.20.2_

Fixed

  • Fix error with good path data, when detecting wrong path with new canonical_path(), and drop resolve() call on path.

v0.20.1_

Security

  • Fix sanity check for path traversal attack(#480)
  • Add path checker in writef() and writestr() methods that ignores evil pass.
    • When pass arcname as evil path such as "../../../../tmp/evil.sh"
    • it raises ValueError
  • Check symlink and junction is under target folder when extraction

v0.20.0_

Added

  • Support enhanced deflate compression.(#472)

Changed

  • Bump setuptools@63 and setuptools_scm@7 (#473)
  • CI: update script (#473)
  • Update tox config (#473)
  • Actions: change pypy version to 3.7 (#473)
  • Update readthedocs.yml (#473)

Deprecated

  • Deprecate Python 3.6 support (#473)

v0.19.0_

Changed

  • Replace deflate64(tm) decompressor to inflate64(#459)
  • test: improve checks of deflate64 case(#463)

... (truncated)

Commits
  • 777f408 Release v0.20.2
  • 3c3c5c0 Merge pull request #483 from miurahr/topic/miurahr/security/get-canonical-path
  • 1a61ba2 Introduce helpers.canonical_path()
  • 35b32f5 Merge pull request #481 from miurahr/topic/miurahr/security/symlink-attack-test
  • f6220b0 Add test against symlink attach
  • 3b83939 Release v0.20.1
  • 3a4b4de Merge pull request #480 from miurahr/topic/miurahr/security/fix-check-logic-z...
  • 8366b67 Update Changelog.rst
  • 1bb43f1 Fix sanity check for path traversal attack
  • 04e3af5 Bump inflate64@v0.3.1
  • Additional commits viewable in compare view

Updates mlflow from 1.23.1 to 3.11.1

Release notes

Sourced from mlflow's releases.

v3.11.1

MLflow 3.11.1 includes several major features and improvements.

Major New Features:

  • 🔍 Automatic Issue Identification: Automatically identify quality issues in your agent with AI! Use the new "Detect Issues" button in the traces table to analyze selected traces and surface potential problems across categories like correctness, safety, and performance. Issues are linked directly to traces for easy investigation and debugging. Docs (#21431, #21204, #21165, #21163, #21161, @​smoorjani, @​serena-ruan)
  • 💰 Gateway Budget Alerts & Limits: Control your AI Gateway spending with configurable budget policies! Set spending limits by time window (daily, weekly, or monthly), receive alerts before hitting limits, and prevent runaway costs with automatic request blocking. The new budget management UI lets you track spending, configure webhooks for notifications, and monitor violations across all your gateway endpoints. Docs (#21116, #21534, #21569, #21473, #21108, @​TomeHirata, @​copilot-swe-agent)
  • 📊 Trace Graph View: Visualize complex trace hierarchies with an interactive graph view! Navigate multi-level trace structures, understand parent-child relationships at a glance, and debug complex systems more effectively with a visual representation of your trace topology. Docs (#20607, @​joelrobin18)
  • 🌐 Native OpenTelemetry GenAI Convention Support: MLflow now natively supports the OpenTelemetry GenAI Semantic Conventions for trace export! When exporting traces via OTLP with MLFLOW_ENABLE_OTEL_GENAI_SEMCONV enabled, MLflow automatically translates them to follow the OTel GenAI semantic conventions, enabling seamless integration with OTel-compatible observability platforms while preserving GenAI-specific metadata. Docs (#21494, #21495, @​B-Step62)
  • 🔧 OpenCode Tracing Integration: Debug smarter with OpenCode CLI integration! Track and analyze code execution flows directly from your development workflow, making it easier to identify performance bottlenecks and trace issues back to specific code paths. Docs (#20133, @​joelrobin18)
  • Native UV Support for Model Dependencies: Automatic dependency inference now supports UV! MLflow automatically detects UV projects and captures exact, locked dependencies from your lockfile when logging models, ensuring reproducible environments. Docs (#20344, #20935, @​debu-sinha)
  • 🔒 Pickle-Free Model Serialization: Enhance security with pickle-free model formats! MLflow now supports safer model serialization using torch.export and skops formats, with improved controls when MLFLOW_ALLOW_PICKLE_DESERIALIZATION=False. Comprehensive documentation guides you through migrating existing models to pickle-free formats for production deployments. Docs (#21404, #21188, #20774, @​WeichenXu123)

Breaking Changes:

  • ⚠️ TypeScript SDK Package Renaming: The MLflow TypeScript SDK packages have been renamed to use npm organization scoping. If you're using the TypeScript SDK, update your package.json dependencies and import statements: mlflow-tracing@mlflow/core, mlflow-openai@mlflow/openai, mlflow-anthropic@mlflow/anthropic, mlflow-gemini@mlflow/gemini. All packages are now at version 0.2.0. (#20792, @​B-Step62)
  • Remove MLFLOW_ENABLE_INCREMENTAL_SPAN_EXPORT environment variable (#22182, @​PattaraS)
  • Remove litellm and gepa from genai extras (#22059, @​TomeHirata)
  • Block / and : in Registered Model names (#21458, @​Bhuvan-08)

Features:

  • [Evaluation] Allow MetaPromptOptimizer to work without litellm (#22233, @​TomeHirata)
  • [Tracking] Update Databricks API calls to use new gRPC APIs instead of py4j APIs (#22205, @​WeichenXu123)
  • [Build] Add aiohttp as a core dependency of mlflow (#22189, @​TomeHirata)
  • [Evaluation] Extend _get_provider_instance with groq, deepseek, xai, openrouter, ollama, databricks, vertex_ai (#22148, @​kriscon-db)
  • [UI] Move native providers to non-LiteLLM in gateway UI (#22203,

@dependabot
Bump the pip group across 5 directories with 9 updates
ff6717b 
Bumps the pip group with 1 update in the /PyTorch/SpeechSynthesis/FastPitch/triton directory: [onnx](https://github.com/onnx/onnx).
Bumps the pip group with 2 updates in the /PyTorch/SpeechSynthesis/Tacotron2/trtis_cpp/src/trt directory: [onnx](https://github.com/onnx/onnx) and [torch](https://github.com/pytorch/pytorch).
Bumps the pip group with 1 update in the /TensorFlow/Recommendation/WideAndDeep directory: [pyspark](https://github.com/apache/spark).
Bumps the pip group with 3 updates in the /TensorFlow2/Segmentation/nnUNet directory: [tqdm](https://github.com/tqdm/tqdm), [joblib](https://github.com/joblib/joblib) and [scikit-learn](https://github.com/scikit-learn/scikit-learn).
Bumps the pip group with 3 updates in the /Tools/PyTorch/TimeSeriesPredictionPlatform directory: [py7zr](https://github.com/miurahr/py7zr), [mlflow](https://github.com/mlflow/mlflow) and [gdown](https://github.com/wkentaro/gdown).


Updates `onnx` from 1.8.0 to 1.21.0
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](onnx/onnx@v1.8.0...v1.21.0)

Updates `onnx` from 1.5.0 to 1.21.0
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](onnx/onnx@v1.8.0...v1.21.0)

Updates `torch` from 1.3.0 to 2.8.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v1.3.0...v2.8.0)

Updates `pyspark` from 3.1.3 to 3.3.2
- [Commits](apache/spark@v3.1.3...v3.3.2)

Updates `tqdm` from 4.62 to 4.66.3
- [Release notes](https://github.com/tqdm/tqdm/releases)
- [Commits](tqdm/tqdm@v4.62.0...v4.66.3)

Updates `joblib` from 0.16.0 to 1.2.0
- [Release notes](https://github.com/joblib/joblib/releases)
- [Changelog](https://github.com/joblib/joblib/blob/main/CHANGES.rst)
- [Commits](joblib/joblib@0.16.0...1.2.0)

Updates `scikit-learn` from 0.23.2 to 1.5.0
- [Release notes](https://github.com/scikit-learn/scikit-learn/releases)
- [Commits](scikit-learn/scikit-learn@0.23.2...1.5.0)

Updates `py7zr` from 0.15.0 to 0.20.2
- [Release notes](https://github.com/miurahr/py7zr/releases)
- [Changelog](https://github.com/miurahr/py7zr/blob/v0.20.2/Changelog.rst)
- [Commits](miurahr/py7zr@v0.15.0...v0.20.2)

Updates `mlflow` from 1.23.1 to 3.11.1
- [Release notes](https://github.com/mlflow/mlflow/releases)
- [Changelog](https://github.com/mlflow/mlflow/blob/master/CHANGELOG.md)
- [Commits](mlflow/mlflow@v1.23.1...v3.11.1)

Updates `gdown` from 4.7.1 to 5.2.2
- [Release notes](https://github.com/wkentaro/gdown/releases)
- [Commits](wkentaro/gdown@v4.7.1...v5.2.2)

---
updated-dependencies:
- dependency-name: onnx
  dependency-version: 1.21.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: onnx
  dependency-version: 1.21.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: torch
  dependency-version: 2.8.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyspark
  dependency-version: 3.3.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tqdm
  dependency-version: 4.66.3
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: joblib
  dependency-version: 1.2.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: scikit-learn
  dependency-version: 1.5.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: py7zr
  dependency-version: 0.20.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: mlflow
  dependency-version: 3.11.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: gdown
  dependency-version: 5.2.2
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 5, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants