Bump the production-dependencies group across 1 directory with 8 updates

[dependabot]

Bumps the production-dependencies group with 8 updates in the / directory:

Package	From	To
asteval	1.0.0	1.0.2
cachetools	5.3.3	5.5.0
numpy	2.0.0	2.1.1
pyphen	0.15.0	0.16.0
scipy	1.14.0	1.14.1
shapely	2.0.4	2.0.6
matplotlib	3.9.1	3.9.2
moderngl	5.10.0	5.11.0

Updates asteval from 1.0.0 to 1.0.2

Release notes

Sourced from asteval's releases.

1.0.2

bug fixes:

• fix NameError handling in expression code
• make exception messages more Python-like

1.0.1

security fixes, based on audit by Andrew Effenhauser, Ayman Hammad, and Daniel Crowley, IBM X-Force Security Research division

• remove numpy modules polynomial, fft, linalg by default for security concerns
• disallow string.format(), improve security of f-string evaluation

Commits

• 22f6f48 more work to make exception messages more Python like
• d837fb9 put exception name with message, more like Python exception
• 1dec732 Merge pull request #130 from shazarivf/fix-nameerror-handling
• cab435a fix NameError handling in expression code
• c673c8b update doc to describe audit by IBM security research group
• d85e7cb remove numpy modules polynomial, fft, linalg by default for security concerns
• 1b453ec disallow string.format(), improve security of f-string evaluation
• See full diff in compare view

Updates cachetools from 5.3.3 to 5.5.0

Changelog

Sourced from cachetools's changelog.

v5.5.0 (2024-08-18)

• TTLCache.expire() returns iterable of expired (key, value) pairs.

• TLRUCache.expire() returns iterable of expired (key, value) pairs.

• Documentation improvements.

• Update CI environment.

v5.4.0 (2024-07-15)

• Add the keys.typedmethodkey decorator.

• Deprecate MRUCache class.

• Deprecate @func.mru_cache decorator.

• Update CI environment.

Commits

• 6c78a8f Bump version.
• 8841efd Release v5.5.0.
• f2ccaca Format tests with black.
• 237ad80 Fix #278: Improve TLRUCache docs.
• e960781 Fix #302: Improve cachetools.keys unit tests.
• ea158fc Bump actions/setup-python from 5.1.0 to 5.1.1
• 8a38daf Update expire docs.
• 7be40f0 TLRUCache.expire() returns iterable of expired (key, value) pairs.
• c22fc7d Fix #292, fix #205, fix #103: TTLCache.expire() returns iterable of expired (...
• 990665b Release v5.4.0.
• Additional commits viewable in compare view

Updates numpy from 2.0.0 to 2.1.1

Release notes

Sourced from numpy's releases.

2.1.1 (Sep 3, 2024)

NumPy 2.1.1 Release Notes

NumPy 2.1.1 is a maintenance release that fixes bugs and regressions discovered after the 2.1.0 release.

The Python versions supported by this release are 3.10-3.13.

Contributors

A total of 7 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Andrew Nelson
• Charles Harris
• Mateusz Sokół
• Maximilian Weigand +
• Nathan Goldbaum
• Pieter Eendebak
• Sebastian Berg

Pull requests merged

A total of 10 pull requests were merged for this release.

• #27236: REL: Prepare for the NumPy 2.1.0 release [wheel build]
• #27252: MAINT: prepare 2.1.x for further development
• #27259: BUG: revert unintended change in the return value of set_printoptions
• #27266: BUG: fix reference counting bug in __array_interface__ implementation...
• #27267: TST: Add regression test for missing descr in array-interface
• #27276: BUG: Fix #27256 and #27257
• #27278: BUG: Fix array_equal for numeric and non-numeric scalar types
• #27287: MAINT: Update maintenance/2.1.x after the 2.0.2 release
• #27303: BLD: cp311- macosx_arm64 wheels [wheel build]
• #27304: BUG: f2py: better handle filtering of public/private subroutines

Checksums

MD5

3053a97400db800b7377749e691eb39e  numpy-2.1.1-cp310-cp310-macosx_10_9_x86_64.whl
84b752a2220dce7c96ff89eef4f4aec3  numpy-2.1.1-cp310-cp310-macosx_11_0_arm64.whl
47ed4f704a64261f07ca24ef2e674524  numpy-2.1.1-cp310-cp310-macosx_14_0_arm64.whl
b8a45caa870aee980c298053cf064d28  numpy-2.1.1-cp310-cp310-macosx_14_0_x86_64.whl
e097ad5eee572b791b4a25eedad6df4a  numpy-2.1.1-cp310-cp310-manylinux_2_17_aarch64.manylinux2014_aarch64.whl
ae502c99315884cda7f0236a07c035c4  numpy-2.1.1-cp310-cp310-manylinux_2_17_x86_64.manylinux2014_x86_64.whl
841a859d975c55090c0b60b72aab93a3  numpy-2.1.1-cp310-cp310-musllinux_1_1_x86_64.whl
d51be2b17f5b87aac64ab80fdfafc85e  numpy-2.1.1-cp310-cp310-musllinux_1_2_aarch64.whl
1f8249bd725397c6233fe6a0e8ad18b1  numpy-2.1.1-cp310-cp310-win32.whl
d38d6f06589c1ec104a6a31ff6035781  numpy-2.1.1-cp310-cp310-win_amd64.whl

... (truncated)

Commits

• 48606ab Merge pull request #27328 from charris/prepare-2.1.1
• a7cb4c4 REL: Prepare for the NumPy 2.1.1 release [wheel build]
• 884c92b Merge pull request #27303 from charris/backport-27284
• ca7f5c1 Merge pull request #27304 from charris/backport-27049
• 2a49507 BUG: f2py: better handle filtering of public/private subroutines
• d4306dd TST: Add regression test for gh-26920
• db9668d BLD: cp311- macosx_arm64 wheels [wheel build]
• c6ff254 Merge pull request #27287 from charris/post-2.0.2-release-update
• 326bc17 MAINT: Update main after the 2.0.2 release
• 8164b7c Merge pull request #27278 from charris/backport-27275
• Additional commits viewable in compare view

Updates pyphen from 0.15.0 to 0.16.0

Release notes

Sourced from pyphen's releases.

0.16.0

• Close file when reading encoding
• Update dictionary repository

Changelog

Sourced from pyphen's changelog.

Version 0.16.0

Released on 2024-07-30.

• Close file when reading encoding
• Update dictionary repository

Commits

• a74cae4 Version 0.16.0
• e0623ad Update dictionary repository
• 6f3f769 Close file when reading encoding
• See full diff in compare view

Updates scipy from 1.14.0 to 1.14.1

Release notes

Sourced from scipy's releases.

SciPy 1.14.1 Release Notes

SciPy 1.14.1 adds support for Python 3.13, including binary wheels on PyPI. Apart from that, it is a bug-fix release with no new features compared to 1.14.0.

Authors

• Name (commits)
• h-vetinari (1)
• Evgeni Burovski (1)
• CJ Carey (2)
• Lucas Colley (3)
• Ralf Gommers (3)
• Melissa Weber Mendonça (1)
• Andrew Nelson (3)
• Nick ODell (1)
• Tyler Reddy (36)
• Daniel Schmitz (1)
• Dan Schult (4)
• Albert Steppi (2)
• Ewout ter Hoeven (1)
• Tibor Völcker (2) +
• Adam Turner (1) +
• Warren Weckesser (2)
• ਗਗਨਦੀਪ ਸਿੰਘ (Gagandeep Singh) (1)

A total of 17 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

Commits

• 92d2a85 REL: 1.14.1 rel commit [wheel build]
• 85623a1 Merge pull request #21362 from tylerjereddy/treddy_1.14.1_backports
• d924005 MAINT: PR 21362 revisions [wheel build]
• b901a4e MAINT, CI: PR 21362 revisions [wheel build]
• 2a7ec60 MAINT, BLD: PR 21362 revisions [wheel build]
• f4f084d MAINT, CI: PR 21362 revisions [wheel build]
• b712fc6 DOC: update 1.14.1 relnotes [wheel build]
• cdd5aca MAINT: special: Accommodate changed integer handling in NumPy 2.0. (#21401)
• 0f91838 BLD: cp313 wheels on manylinux_aarch64 (#21409)
• 6dd0b00 MAINT, CI: wheel build changes [wheel build]
• Additional commits viewable in compare view

Updates shapely from 2.0.4 to 2.0.6

Release notes

Sourced from shapely's releases.

2.0.6

Wheels are available for Python 3.13 (and still include GEOS 3.11.4).

Bug fixes:

• Fix compatibility with NumPy 2.1.0 (#2099).

For a full changelog, see https://shapely.readthedocs.io/en/latest/release/2.x.html#version-2-0-6

2.0.5

Binary wheels on PyPI include GEOS 3.11.4 from 2024-06-05. Furthermore, universal2 wheels are removed for macOS since both x86_64 and arm64 wheels are provided.

Bug fixes:

• Fix Point x/y/z attributes to return Python floats (#2074).
• Fix affinity for Apple silicon with NumPy 2.0 by reverting matmul, and use direct matrix multiplication instead (#2085).

For a full changelog, see https://shapely.readthedocs.io/en/latest/release/2.x.html#version-2-0-5

Changelog

Sourced from shapely's changelog.

2.0.6 (2024-08-19)

Bug fixes:

• Fix compatibility with NumPy 2.1.0 (#2099).

Wheels are available for Python 3.13 (and still include GEOS 3.11.4).

2.0.5 (2024-07-13)

Binary wheels on PyPI include GEOS 3.11.4 from 2024-06-05. Furthermore, universal2 wheels are removed for macOS since both x86_64 and arm64 wheels are provided.

Bug fixes:

• Fix Point x/y/z attributes to return Python floats (#2074).
• Fix affinity for Apple silicon with NumPy 2.0 by reverting matmul, and use direct matrix multiplication instead (#2085).

Commits

• 5a4207d RLS: 2.0.6
• c65fa42 Bump pypa/cibuildwheel from 2.19.2 to 2.20.0 (build Python 3.13 wheels) (#2103)
• 2f411ee DOC/RLS: starts changelog for 2.0.6 (#2113)
• 225445c BLD: suppress 'incompatible-function-pointer-types' error for clang>=16 (#2114)
• 3ab8fbc TST/CI: enable testing Python 3.13, NumPy 2.1, GEOS 3.13 (#2105)
• 2a83905 Fix compatibility with numpy 2.1 dev to cast GeometryType to int as ufunc inp...
• a4fe42f RLS: 2.0.5
• 0bfcf3a DOC/RLS: starts changelog for 2.0.5 (#2088)
• b186704 RLS/CI: upgrade GEOS versions to latest minor, add more to CI matrix (#2086)
• 1ede9b2 FIX: replace matmul with manual matrix multiplication for affinity (#2085)
• Additional commits viewable in compare view

Updates matplotlib from 3.9.1 to 3.9.2

Release notes

Sourced from matplotlib's releases.

REL: 3.9.2

This is the second bugfix release of the 3.9.x series.

This release contains several bug-fixes and adjustments:

• Be more resilient to I/O failures when writing font cache
• Fix nondeterministic behavior with subplot spacing and constrained layout
• Fix sticky edge tolerance relative to data range
• Improve formatting of image values in cases of singular norms

Windows wheels now bundle the MSVC runtime DLL statically to avoid inconsistencies with other wheels and random crashes depending on import order.

Commits

• a254b68 REL: 3.9.2
• 056f307 DOC: Create release notes for 3.9.2
• 8d867ce Merge branch 'v3.9.1-doc' into v3.9.x
• 7be8675 Merge pull request #28687 from QuLogic/static-msvc
• 3ed3d7b Merge pull request #28695 from meeseeksmachine/auto-backport-of-pr-27797-on-v...
• 8a62afa BLD: Include MSVCP140 runtime statically
• 81be26f Merge pull request #28688 from QuLogic/auto-backport-of-pr-28668-on-v3.9.x
• d88a582 Backport PR #27797: DOC: Use video files for saving animations
• e3159ba Merge pull request #28692 from meeseeksmachine/auto-backport-of-pr-28632-on-v...
• 465401e Backport PR #28632: DOC: Tell sphinx-gallery to link mpl_toolkits from our build
• Additional commits viewable in compare view

Updates moderngl from 5.10.0 to 5.11.0

Changelog

Sourced from moderngl's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

main

Commits

• a514233 update release action
• 2aadca5 external data examples
• 1ac8c37 organize examples data
• b68a5dc imgui integration example
• b32b3a6 upadte headless example
• 43b0d1f update some moderngl window examples
• 580fc59 initialize examples readme
• ee9631f move more examples
• 375bdff new examples
• c4dde54 move examples to old
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[dependabot]

Superseded by #767.