X Tutup
Skip to content

Bump the pip group across 4 directories with 5 updates#2

Open
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/handling-pdf-files/pdf-signer/pip-b97e8fd6cf
Open

Bump the pip group across 4 directories with 5 updates#2
dependabot[bot] wants to merge 1 commit intomasterfrom
dependabot/pip/handling-pdf-files/pdf-signer/pip-b97e8fd6cf

Conversation

@dependabot
Copy link

@dependabot dependabot bot commented on behalf of github Mar 16, 2026

Bumps the pip group with 1 update in the /handling-pdf-files/pdf-signer directory: pyopenssl.
Bumps the pip group with 1 update in the /machine-learning/image-classifier directory: tensorflow.
Bumps the pip group with 1 update in the /machine-learning/logistic-regression-in-pytorch directory: torch.
Bumps the pip group with 2 updates in the /machine-learning/sift directory: opencv-contrib-python and opencv-python.

Updates pyopenssl from 20.0.1 to 26.0.0

Changelog

Sourced from pyopenssl's changelog.

26.0.0 (2026-03-15)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • Dropped support for Python 3.7.
  • The minimum cryptography version is now 46.0.0.

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Added support for using aws-lc instead of OpenSSL.
  • Properly raise an error if a DTLS cookie callback returned a cookie longer than DTLS1_COOKIE_LENGTH bytes. Previously this would result in a buffer-overflow. Credit to dark_haxor for reporting the issue. CVE-2026-27459
  • Added OpenSSL.SSL.Connection.get_group_name to determine which group name was negotiated.
  • Context.set_tlsext_servername_callback now handles exceptions raised in the callback by calling sys.excepthook and returning a fatal TLS alert. Previously, exceptions were silently swallowed and the handshake would proceed as if the callback had succeeded. Credit to Leury Castillo for reporting this issue. CVE-2026-27448

25.3.0 (2025-09-16)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • Maximum supported cryptography version is now 46.x.

25.2.0 (2025-09-14)

Backward-incompatible changes: ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

  • The minimum cryptography version is now 45.0.7.

Deprecations: ^^^^^^^^^^^^^

Changes: ^^^^^^^^

  • pyOpenSSL now sets SSL_MODE_ACCEPT_MOVING_WRITE_BUFFER on connections by default, matching CPython's behavior.

... (truncated)

Commits
  • 358cbf2 Prepare for 26.0.0 release (#1487)
  • a8d28e7 Bump actions/cache from 4 to 5 (#1486)
  • 6fefff0 Add aws-lc compatibility to tests and CI (#1476)
  • a739f96 Bump actions/download-artifact from 8.0.0 to 8.0.1 (#1485)
  • 8b4c66b Bump actions/upload-artifact in /.github/actions/upload-coverage (#1484)
  • 02a5c78 Bump actions/upload-artifact from 6.0.0 to 7.0.0 (#1483)
  • d973387 Bump actions/download-artifact from 7.0.0 to 8.0.0 (#1482)
  • 57f09bb Fix buffer overflow in DTLS cookie generation callback (#1479)
  • d41a814 Handle exceptions in set_tlsext_servername_callback callbacks (#1478)
  • 7b29beb Fix not using a cryptography wheel on uv (#1475)
  • Additional commits viewable in compare view

Updates tensorflow from 2.5.3 to 2.12.1

Release notes

Sourced from tensorflow's releases.

TensorFlow 2.12.1

Release 2.12.1

Bug Fixes and Other Changes

  • The use of the ambe config to build and test aarch64 is not needed. The ambe config will be removed in the future. Making cpu_arm64_pip.sh and cpu_arm64_nonpip.sh more similar for easier future maintenance.

TensorFlow 2.12.0

Release 2.12.0

TensorFlow

Breaking Changes

  • Build, Compilation and Packaging

    • Removed redundant packages tensorflow-gpu and tf-nightly-gpu. These packages were removed and replaced with packages that direct users to switch to tensorflow or tf-nightly respectively. Since TensorFlow 2.1, the only difference between these two sets of packages was their names, so there is no loss of functionality or GPU support. See https://pypi.org/project/tensorflow-gpu for more details.

  • tf.function:

    • tf.function now uses the Python inspect library directly for parsing the signature of the Python function it is decorated on. This change may break code where the function signature is malformed, but was ignored previously, such as:
      • Using functools.wraps on a function with different signature
      • Using functools.partial with an invalid tf.function input
    • tf.function now enforces input parameter names to be valid Python identifiers. Incompatible names are automatically sanitized similarly to existing SavedModel signature behavior.
    • Parameterless tf.functions are assumed to have an empty input_signature instead of an undefined one even if the input_signature is unspecified.
    • tf.types.experimental.TraceType now requires an additional placeholder_value method to be defined.
    • tf.function now traces with placeholder values generated by TraceType instead of the value itself.

  • Experimental APIs tf.config.experimental.enable_mlir_graph_optimization and tf.config.experimental.disable_mlir_graph_optimization were removed.

Major Features and Improvements

  • Support for Python 3.11 has been added.

  • Support for Python 3.7 has been removed. We are not releasing any more patches for Python 3.7.

  • tf.lite:

    • Add 16-bit float type support for built-in op fill.
    • Transpose now supports 6D tensors.
    • Float LSTM now supports diagonal recurrent tensors: https://arxiv.org/abs/1903.08023

  • tf.experimental.dtensor:

    • Coordination service now works with dtensor.initialize_accelerator_system, and enabled by default.
    • Add tf.experimental.dtensor.is_dtensor to check if a tensor is a DTensor instance.

  • tf.data:

    • Added support for alternative checkpointing protocol which makes it possible to checkpoint the state of the input pipeline without having to store the contents of internal buffers. The new functionality can be enabled through the experimental_symbolic_checkpoint option of tf.data.Options().
    • Added a new rerandomize_each_iteration argument for the tf.data.Dataset.random() operation, which controls whether the sequence of generated random numbers should be re-randomized every epoch or not (the default behavior). If seed is set and rerandomize_each_iteration=True, the random() operation will produce a different (deterministic) sequence of numbers every epoch.

... (truncated)

Changelog

Sourced from tensorflow's changelog.

Release 2.12.1

Bug Fixes and Other Changes

  • The use of the ambe config to build and test aarch64 is not needed. The ambe config will be removed in the future. Making cpu_arm64_pip.sh and cpu_arm64_nonpip.sh more similar for easier future maintenance.

Release 2.12.0

Breaking Changes

  • Build, Compilation and Packaging

    • Removed redundant packages tensorflow-gpu and tf-nightly-gpu. These packages were removed and replaced with packages that direct users to switch to tensorflow or tf-nightly respectively. Since TensorFlow 2.1, the only difference between these two sets of packages was their names, so there is no loss of functionality or GPU support. See https://pypi.org/project/tensorflow-gpu for more details.

  • tf.function:

    • tf.function now uses the Python inspect library directly for parsing the signature of the Python function it is decorated on. This change may break code where the function signature is malformed, but was ignored previously, such as:
      • Using functools.wraps on a function with different signature
      • Using functools.partial with an invalid tf.function input
    • tf.function now enforces input parameter names to be valid Python identifiers. Incompatible names are automatically sanitized similarly to existing SavedModel signature behavior.
    • Parameterless tf.functions are assumed to have an empty input_signature instead of an undefined one even if the input_signature is unspecified.
    • tf.types.experimental.TraceType now requires an additional placeholder_value method to be defined.
    • tf.function now traces with placeholder values generated by TraceType instead of the value itself.

  • Experimental APIs tf.config.experimental.enable_mlir_graph_optimization and tf.config.experimental.disable_mlir_graph_optimization were removed.

Major Features and Improvements

  • Support for Python 3.11 has been added.

  • Support for Python 3.7 has been removed. We are not releasing any more patches for Python 3.7.

  • tf.lite:

    • Add 16-bit float type support for built-in op fill.
    • Transpose now supports 6D tensors.
    • Float LSTM now supports diagonal recurrent tensors: https://arxiv.org/abs/1903.08023

  • tf.experimental.dtensor:

    • Coordination service now works with dtensor.initialize_accelerator_system, and enabled by default.
    • Add tf.experimental.dtensor.is_dtensor to check if a tensor is a DTensor instance.

  • tf.data:

    • Added support for alternative checkpointing protocol which makes it possible to checkpoint the state of the input pipeline without having to store the contents of internal buffers. The new functionality can be enabled through the experimental_symbolic_checkpoint option of tf.data.Options().
    • Added a new rerandomize_each_iteration argument for the tf.data.Dataset.random() operation, which controls whether the sequence of generated random numbers should be re-randomized every epoch or not (the default behavior). If seed is set and rerandomize_each_iteration=True, the random() operation will produce a different (deterministic) sequence of numbers every epoch.
    • Added a new rerandomize_each_iteration argument for the tf.data.Dataset.sample_from_datasets() operation, which controls whether the sequence of generated random numbers used for sampling should be re-randomized every epoch or not. If seed is set and rerandomize_each_iteration=True, the sample_from_datasets() operation will use a different (deterministic) sequence of numbers every epoch.

  • tf.test:

... (truncated)

Commits
  • 8e2b665 Merge pull request #61094 from tensorflow/venkat-patch-444
  • 02478f0 Fix unit test failure caused by numpy update
  • 2cd9b41 Merge pull request #61082 from tensorflow/venkat-patch-333
  • 7995c95 Updating Simplified retry logic to DNS cache
  • 29479ed Merge pull request #60872 from tensorflow/r2.12-c45a6c0b1cb
  • e76a933 Simplified retry logic to DNS cache
  • 76addf7 Merge pull request #60850 from elfringham/non_pip_fix
  • 05987a8 [Linaro:ARM_CI] Fix permissions for running nonpip tests
  • 23724d2 Merge pull request #60842 from elfringham/r2.12
  • 496730b Limit typing_extensions to less than 4.6.0 until it works
  • Additional commits viewable in compare view

Updates torch from 1.10.1 to 2.8.0

Release notes

Sourced from torch's releases.

PyTorch 2.8.0 Release Notes

Highlights

... (truncated)

Changelog

Sourced from torch's changelog.

Releasing PyTorch

Release Compatibility Matrix

Following is the Release Compatibility Matrix for PyTorch releases:

... (truncated)

Commits
  • ba56102 Cherrypick: Add the RunLLM widget to the website (#159592)
  • c525a02 [dynamo, docs] cherry pick torch.compile programming model docs into 2.8 (#15...
  • a1cb3cc [Release Only] Remove nvshmem from list of preload libraries (#158925)
  • c76b235 Move out super large one off foreach_copy test (#158880)
  • 20a0e22 Revert "[Dynamo] Allow inlining into AO quantization modules (#152934)" (#158...
  • 9167ac8 [MPS] Switch Cholesky decomp to column wise (#158237)
  • 5534685 [MPS] Reimplement tri[ul] as Metal shaders (#158867)
  • d19e08d Cherry pick PR 158746 (#158801)
  • a6c044a [cherry-pick] Unify torch.tensor and torch.ops.aten.scalar_tensor behavior (#...
  • 620ebd0 [Dynamo] Use proper sources for constructing dataclass defaults (#158689)
  • Additional commits viewable in compare view

Updates opencv-contrib-python from 3.4.2.16 to 4.8.1.78

Release notes

Sourced from opencv-contrib-python's releases.

4.8.1.78

OpenCV 4.8.1 release.

Important changes:

4.8.0.76

Adds cv2.typing to package. Close #869

4.8.0.74

Important changes:

  • #20370 Python typing stubs.
  • #23350 Fix reference counting errors in registerNewType.
  • #23399, #23436, #23138 Fixed ChAruco and diamond boards detector bindings.
  • #23371 Added bindings to allow GpuMat and Stream objects to be initialized from memory initialized in other libraries
  • #23691 np.float16 support.
  • Python bindings for RotatedRect, CV_MAKETYPE, CV_8UC(n).
  • Several build fixes for OpenCV-Python package

4.7.0.72

OpenCV 4.7.0 with various distribution bug fixes.

  • Mac OS 11 support.
  • Old Linux support with zlib version older than 1.9.
  • Package build fixes for Python 11 on Musl C based system (Alpine).

4.7.0.70

OpenCV 4.7.0 with various distribution bug fixes.

  • Mac OS 11 support.
  • Old Linux support with zlib version older than 1.9.
  • Package build fixes for Python 11 on Musl C based system (Alpine).

4.7.0.68

opencv-python: https://pypi.org/project/opencv-python/ opencv-contrib-python: https://pypi.org/project/opencv-contrib-python/ opencv-python-headless: https://pypi.org/project/opencv-python-headless/ opencv-contrib-python-headless: https://pypi.org/project/opencv-contrib-python-headless/

OpenCV 4.7.0

Changes:

  • Updated third-party libraries to fix potential vulnerabilities.
  • Dropped Python 3.6 support.
  • Added Python 3.11 support.

4.6.0.66

opencv-python: https://pypi.org/project/opencv-python/ opencv-contrib-python: https://pypi.org/project/opencv-contrib-python/ opencv-python-headless: https://pypi.org/project/opencv-python-headless/

... (truncated)

Commits

Updates opencv-python from 3.4.2.16 to 4.8.1.78

Release notes

Sourced from opencv-python's releases.

4.8.1.78

OpenCV 4.8.1 release.

Important changes:

4.8.0.76

Adds cv2.typing to package. Close #869

4.8.0.74

Important changes:

  • #20370 Python typing stubs.
  • #23350 Fix reference counting errors in registerNewType.
  • #23399, #23436, #23138 Fixed ChAruco and diamond boards detector bindings.
  • #23371 Added bindings to allow GpuMat and Stream objects to be initialized from memory initialized in other libraries
  • #23691 np.float16 support.
  • Python bindings for RotatedRect, CV_MAKETYPE, CV_8UC(n).
  • Several build fixes for OpenCV-Python package

4.7.0.72

OpenCV 4.7.0 with various distribution bug fixes.

  • Mac OS 11 support.
  • Old Linux support with zlib version older than 1.9.
  • Package build fixes for Python 11 on Musl C based system (Alpine).

4.7.0.70

OpenCV 4.7.0 with various distribution bug fixes.

  • Mac OS 11 support.
  • Old Linux support with zlib version older than 1.9.
  • Package build fixes for Python 11 on Musl C based system (Alpine).

4.7.0.68

opencv-python: https://pypi.org/project/opencv-python/ opencv-contrib-python: https://pypi.org/project/opencv-contrib-python/ opencv-python-headless: https://pypi.org/project/opencv-python-headless/ opencv-contrib-python-headless: https://pypi.org/project/opencv-contrib-python-headless/

OpenCV 4.7.0

Changes:

  • Updated third-party libraries to fix potential vulnerabilities.
  • Dropped Python 3.6 support.
  • Added Python 3.11 support.

4.6.0.66

opencv-python: https://pypi.org/project/opencv-python/ opencv-contrib-python: https://pypi.org/project/opencv-contrib-python/ opencv-python-headless: https://pypi.org/project/opencv-python-headless/

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 4 directories with 5 updates
5368daf 
Bumps the pip group with 1 update in the /handling-pdf-files/pdf-signer directory: [pyopenssl](https://github.com/pyca/pyopenssl).
Bumps the pip group with 1 update in the /machine-learning/image-classifier directory: [tensorflow](https://github.com/tensorflow/tensorflow).
Bumps the pip group with 1 update in the /machine-learning/logistic-regression-in-pytorch directory: [torch](https://github.com/pytorch/pytorch).
Bumps the pip group with 2 updates in the /machine-learning/sift directory: [opencv-contrib-python](https://github.com/opencv/opencv-python) and [opencv-python](https://github.com/opencv/opencv-python).


Updates `pyopenssl` from 20.0.1 to 26.0.0
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@20.0.1...26.0.0)

Updates `tensorflow` from 2.5.3 to 2.12.1
- [Release notes](https://github.com/tensorflow/tensorflow/releases)
- [Changelog](https://github.com/tensorflow/tensorflow/blob/master/RELEASE.md)
- [Commits](tensorflow/tensorflow@v2.5.3...v2.12.1)

Updates `torch` from 1.10.1 to 2.8.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v1.10.1...v2.8.0)

Updates `opencv-contrib-python` from 3.4.2.16 to 4.8.1.78
- [Release notes](https://github.com/opencv/opencv-python/releases)
- [Commits](https://github.com/opencv/opencv-python/commits)

Updates `opencv-python` from 3.4.2.16 to 4.8.1.78
- [Release notes](https://github.com/opencv/opencv-python/releases)
- [Commits](https://github.com/opencv/opencv-python/commits)

---
updated-dependencies:
- dependency-name: pyopenssl
  dependency-version: 26.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: tensorflow
  dependency-version: 2.12.1
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: torch
  dependency-version: 2.8.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: opencv-contrib-python
  dependency-version: 4.8.1.78
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: opencv-python
  dependency-version: 4.8.1.78
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Mar 16, 2026
@dependabot dependabot bot mentioned this pull request Mar 16, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants

X Tutup