Bump the pip group across 14 directories with 8 updates

[dependabot]

Bumps the pip group with 7 updates in the /apps/dash-image-processing directory:

Package	From	To
dash	1.0.0	2.15.0
numpy	1.16.3	1.22.0
flask	1.0.1	2.2.5
gunicorn	19.8.1	22.0.0
scipy	1.2.1	1.11.1
pillow	6.0.0	10.3.0
requests	2.18.4	2.31.0

Bumps the pip group with 6 updates in the /apps/dash-object-detection directory:

Package	From	To
dash	1.0.0	2.15.0
numpy	1.16.1	1.22.0
flask	1.0.1	2.2.5
gunicorn	19.9.0	22.0.0
scipy	1.2.1	1.11.1
pillow	5.4.1	10.3.0

Bumps the pip group with 2 updates in the /apps/dash-oil-and-gas directory: dash and gunicorn.
Bumps the pip group with 1 update in the /apps/dash-opioid-epidemic directory: dash.
Bumps the pip group with 2 updates in the /apps/dash-pk-calc directory: dash and gunicorn.
Bumps the pip group with 3 updates in the /apps/dash-salesforce-crm directory: dash, gunicorn and certifi.
Bumps the pip group with 2 updates in the /apps/dash-stitching directory: dash and gunicorn.
Bumps the pip group with 3 updates in the /apps/dash-study-browser directory: dash, gunicorn and scipy.
Bumps the pip group with 5 updates in the /apps/dash-tsne directory:

Package	From	To
dash	1.0.0	2.15.0
numpy	1.16.3	1.22.0
gunicorn	19.9.0	22.0.0
scipy	1.2.1	1.11.1
pillow	6.0.0	10.3.0

Bumps the pip group with 2 updates in the /apps/dash-uber-rides-demo directory: dash and gunicorn.
Bumps the pip group with 3 updates in the /apps/dash-web-trader directory: dash, gunicorn and requests.
Bumps the pip group with 4 updates in the /apps/dash-wind-streaming directory: dash, numpy, gunicorn and scipy.
Bumps the pip group with 2 updates in the /apps/dash-yield-curve directory: dash and gunicorn.
Bumps the pip group with 2 updates in the /apps/dashr-drug-discovery directory: dash and gunicorn.

Updates dash from 1.0.0 to 2.15.0

Release notes

Sourced from dash's releases.

Dash v2.15.0

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

Dash v2.14.2

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

Dash v2.14.1

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

Dash v2.14.0

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

Dash v2.13.0

Changed

• #2610 Load plotly.js bundle/version from plotly.py

... (truncated)

Changelog

Sourced from dash's changelog.

[2.15.0] - 2024-01-31

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

[2.14.2] - 2023-11-27

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

[2.14.1] - 2023-10-26

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

[2.14.0] - 2023-10-11

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

... (truncated)

Commits

• 115aa4e Merge pull request #2739 from plotly/master-2.15.0
• 9243f93 build
• 83c5422 Version 2.15.0 build artifacts
• 78d07c4 Merge branch 'dev' into master-2.15.0
• 6a8da52 Merge pull request #2737 from plotly/version-2.15.0
• 7cb6f07 build
• da4261e Fix changelog.
• 27751a8 Version 2.15.0
• 49ac14f Merge pull request #2723 from plotly/slider-tips
• 06fb03a docstring typos
• Additional commits viewable in compare view

Updates numpy from 1.16.3 to 1.22.0

Release notes

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

• Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
• A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
• NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
• New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
• A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits

• 4adc87d Merge pull request #20685 from charris/prepare-for-1.22.0-release
• fd66547 REL: Prepare for the NumPy 1.22.0 release.
• 125304b wip
• c283859 Merge pull request #20682 from charris/backport-20416
• 5399c03 Merge pull request #20681 from charris/backport-20954
• f9c45f8 Merge pull request #20680 from charris/backport-20663
• 794b36f Update armccompiler.py
• d93b14e Update test_public_api.py
• 7662c07 Update init.py
• 311ab52 Update armccompiler.py
• Additional commits viewable in compare view

Updates flask from 1.0.1 to 2.2.5

Release notes

Sourced from flask's releases.

2.2.5

This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently supported release branch; please upgrade to the latest version if possible.

• Security advisory: GHSA-m2qf-hxjv-5gpq, CVE-2023-30861
• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-5
• Milestone: https://github.com/pallets/flask/milestone/30?closed=1

2.2.4

This is a fix release for the 2.2.x release branch.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-4
• Milestone: https://github.com/pallets/flask/milestone/27?closed=1

2.2.3

This is a fix release for the 2.2.x release branch.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-3
• Milestone: https://github.com/pallets/flask/milestone/26?closed=1

2.2.2

This is a fix release for the 2.2.0 feature release.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-2
• Milestone: https://github.com/pallets/flask/milestone/25?closed=1

2.2.1

This is a fix release for the 2.2.0 feature release.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-1
• Milestone: https://github.com/pallets/flask/milestone/23?closed=1

2.2.0

This is a feature release, which includes new features and removes previously deprecated code. The 2.2.x branch is now the supported bug fix branch, the 2.1.x branch will become a tag marking the end of support for that branch. We encourage everyone to upgrade, and to use a tool such as pip-tools to pin all dependencies and control upgrades.

• Changes: https://flask.palletsprojects.com/en/2.2.x/changes/#version-2-2-0
• Milestone: https://github.com/pallets/flask/milestone/19?closed=1

2.1.3

• Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-3
• Milestone: https://github.com/pallets/flask/milestone/22?closed=1

2.1.2

This is a fix release for the 2.1.0 feature release.

• Changes: https://flask.palletsprojects.com/en/2.1.x/changes/#version-2-1-2
• Milestone: https://github.com/pallets/flask/milestone/21?closed=1

2.1.1

This is a fix release for the 2.1.0 feature release.

... (truncated)

Changelog

Sourced from flask's changelog.

Version 2.2.5

Released 2023-05-02

• Update for compatibility with Werkzeug 2.3.3.
• Set Vary: Cookie header when the session is accessed, modified, or refreshed.

Version 2.2.4

Released 2023-04-25

• Update for compatibility with Werkzeug 2.3.

Version 2.2.3

Released 2023-02-15

• Autoescape is enabled by default for .svg template files. :issue:4831
• Fix the type of template_folder to accept pathlib.Path. :issue:4892
• Add --debug option to the flask run command. :issue:4777

Version 2.2.2

Released 2022-08-08

• Update Werkzeug dependency to >= 2.2.2. This includes fixes related to the new faster router, header parsing, and the development server. :pr:4754
• Fix the default value for app.env to be "production". This attribute remains deprecated. :issue:4740

Version 2.2.1

Released 2022-08-03

• Setting or accessing json_encoder or json_decoder raises a deprecation warning. :issue:4732

Version 2.2.0

... (truncated)

Commits

• 47af817 release version 2.2.5
• afd63b1 Merge pull request #5109 from pallets/backport-vary-cookie
• 8646edc set Vary: Cookie header consistently for session
• a6367da Merge pull request #5108 from pallets/werkzeug-compat
• 3fbfbad werkzeug 2.3.3 compatibility
• 726d3f4 start version 2.2.5
• ddc7acc Merge pull request #5081 from pallets/release-2.2.4
• 74e0329 release version 2.2.4
• 2d46068 update dev env
• 64bc458 update dev dependencies
• Additional commits viewable in compare view

Updates gunicorn from 19.8.1 to 22.0.0

Release notes

Sourced from gunicorn's releases.

Gunicorn 22.0 has been released

Gunicorn 22.0.0 has been released. This version fix the numerous security vulnerabilities. You're invited to upgrade asap your own installation.

Changes:

22.0.0 - 2024-04-17
===================

use utime to notify workers liveness
migrate setup to pyproject.toml
fix numerous security vulnerabilities in HTTP parser (closing some request smuggling vectors)
parsing additional requests is no longer attempted past unsupported request framing
on HTTP versions < 1.1 support for chunked transfer is refused (only used in exploits)
requests conflicting configured or passed SCRIPT_NAME now produce a verbose error
Trailer fields are no longer inspected for headers indicating secure scheme
support Python 3.12

** Breaking changes **

minimum version is Python 3.7
the limitations on valid characters in the HTTP method have been bounded to Internet Standards
requests specifying unsupported transfer coding (order) are refused by default (rare)
HTTP methods are no longer casefolded by default (IANA method registry contains none affected)
HTTP methods containing the number sign (#) are no longer accepted by default (rare)
HTTP versions < 1.0 or >= 2.0 are no longer accepted by default (rare, only HTTP/1.1 is supported)
HTTP versions consisting of multiple digits or containing a prefix/suffix are no longer accepted
HTTP header field names Gunicorn cannot safely map to variables are silently dropped, as in other software
HTTP headers with empty field name are refused by default (no legitimate use cases, used in exploits)
requests with both Transfer-Encoding and Content-Length are refused by default (such a message might indicate an attempt to perform request smuggling)
empty transfer codings are no longer permitted (reportedly seen with really old & broken proxies)

** SECURITY **

fix CVE-2024-1135

1. Documentation is available there: https://docs.gunicorn.org/en/stable/news.html
2. Packages: https://pypi.org/project/gunicorn/

Gunicorn 21.2.0 has been released

Gunicorn 21.2.0 has been released. This version fix the issue introduced in the threaded worker.

Changes:

21.2.0 - 2023-07-19
===================
fix thread worker: revert change considering connection as idle .
</tr></table> 

... (truncated)

Commits

• f63d59e bump to 22.0
• 4ac81e0 Merge pull request #3175 from e-kwsm/typo
• 401cecf Merge pull request #3179 from dhdaines/exclude-eventlet-0360
• 0243ec3 fix(deps): exclude eventlet 0.36.0
• 628a0bc chore: fix typos
• 88fc4a4 Merge pull request #3131 from pajod/patch-py12-rebased
• deae2fc CI: back off the agressive timeout
• f470382 docs: promise 3.12 compat
• 5e30bfa add changelog to project.urls (updated for PEP621)
• 481c3f9 remove setup.cfg - overridden by pyproject.toml
• Additional commits viewable in compare view

Updates scipy from 1.2.1 to 1.11.1

Release notes

Sourced from scipy's releases.

SciPy 1.11.1 Release Notes

SciPy 1.11.1 is a bug-fix release with no new features compared to 1.11.0. In particular, a licensing issue discovered after the release of 1.11.0 has been addressed.

Authors

• Name (commits)
• h-vetinari (1)
• Robert Kern (1)
• Ilhan Polat (4)
• Tyler Reddy (8)

A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

SciPy 1.11.0 Release Notes

SciPy 1.11.0 is the culmination of 6 months of hard work. It contains many new features, numerous bug-fixes, improved test coverage and better documentation. There have been a number of deprecations and API changes in this release, which are documented below. All users are encouraged to upgrade to this release, as there are a large number of bug-fixes and optimizations. Before upgrading, we recommend that users check that their own code does not use deprecated SciPy functionality (to do so, run your code with python -Wd and check for DeprecationWarning s). Our development attention will now shift to bug-fix releases on the 1.11.x branch, and on adding new features on the main branch.

This release requires Python 3.9+ and NumPy 1.21.6 or greater.

For running on PyPy, PyPy3 6.0+ is required.

Highlights of this release

• Several scipy.sparse array API improvements, including sparse.sparray, a new public base class distinct from the older sparse.spmatrix class, proper 64-bit index support, and numerous deprecations paving the way to a modern sparse array experience.
• scipy.stats added tools for survival analysis, multiple hypothesis testing, sensitivity analysis, and working with censored data.

... (truncated)

Commits

• cfe8011 REL: 1.11.1 rel commit [wheel build]
• 450d8aa Merge pull request #18779 from tylerjereddy/treddy_1_11_1_prep
• 6f942e8 DOC: update 1.11.1 relnotes
• 145cec5 MAINT: fix unuran licensing
• 0760bab MAINT:linalg.det:Return scalars for singleton inputs (#18763)
• a1c6f99 MAINT:linalg:Use only NumPy types in lu
• 5cdc2fe MAINT:linalg:Remove memcpy from lu
• d9ac3f3 FIX:linalg:Guard against possible permute_l out of bound behavior
• 7ec5010 BUG: fix handling for factorial(..., exact=False) for 0-dim array inputs (#...
• 90415c6 BUG: Fix work array construction for various weight shapes. (#18741)
• Additional commits viewable in compare view

Updates pillow from 6.0.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package name for Tidelift #7810 [@​radarhere]
• Removed unused code #7744 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

• Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

• Determine MPO size from markers, not EXIF data #7884 [radarhere]

• Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

• Support FITS images with GZIP_1 compression #7894 [radarhere]

• Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

• Raise ValueError if kmeans is negative #7891 [radarhere]

• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

• Added reading of JPEG2000 palettes #7870 [radarhere]

• Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

• 5c89d88 10.3.0 version bump
• 63cbfcf Update CHANGES.rst [ci skip]
• 2776126 Merge pull request #7928 from python-pillow/lcms
• aeb51cb Merge branch 'main' into lcms
• 5beb0b6 Update CHANGES.rst [ci skip]
• cac6ffa Merge pull request #7927 from python-pillow/imagemath
• f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
• facf3af Added release notes
• 2a93aba Use strncpy to avoid buffer overflow
• a670597 Update CHANGES.rst [ci skip]
• Additional commits viewable in compare view

Updates requests from 2.18.4 to 2.31.0

Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

• Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

  When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

  In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

  Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

  Full details can be read in our Github Security Advisory and CVE-2023-32681.

v2.30.0

2.30.0 (2023-05-03)

Dependencies

• ⚠️ Added support for urllib3 2.0. ⚠️

  This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.

  Users who wish to stay on urllib3 1.x can pin to urllib3<2.

v2.29.0

2.29.0 (2023-04-26)

Improvements

• Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
• Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

• Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

  When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

  In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

  Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

  Full details can be read in our Github Security Advisory and CVE-2023-32681.

2.30.0 (2023-05-03)

Dependencies

• ⚠️ Added support for urllib3 2.0. ⚠️

  This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.

  Users who wish to stay on urllib3 1.x can pin to urllib3<2.

2.29.0 (2023-04-26)

Improvements

• Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
• Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

2.28.2 (2023-01-12)

... (truncated)

Commits

• 147c851 v2.31.0
• 74ea7cf Merge pull request from GHSA-j8r2-6x86-q33q
• 3022253 test on pypy 3.8 and pypy 3.9 on windows and macos (#6424)
• b639e66 test on py3.12 (#6448)
• d3d5044 Fixed a small typo (#6452)
• 2ad18e0 v2.30.0
• f2629e9 Remove strict parameter (#6434)
• 87d63de v2.29.0
• 51716c4 enable the warnings plugin (#6416)
• a7da1ab try on ubuntu 22.04 (#6418)
• Additional commits viewable in compare view

Updates dash from 1.0.0 to 2.15.0

Release notes

Sourced from dash's releases.

Dash v2.15.0

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

Dash v2.14.2

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

Dash v2.14.1

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

Dash v2.14.0

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

Dash v2.13.0

Changed

• #2610 Load plotly.js bundle/version from plotly.py

... (truncated)

Changelog

Sourced from dash's changelog.

[2.15.0] - 2024-01-31

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

[2.14.2] - 2023-11-27

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

[2.14.1] - 2023-10-26

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

[2.14.0] - 2023-10-11

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

... (truncated)

Commits

• 115aa4e Merge pull request