Bump the pip group across 6 directories with 5 updates

[dependabot]

Bumps the pip group with 4 updates in the /apps/dash-tsne directory: dash, numpy, scipy and pillow.
Bumps the pip group with 1 update in the /apps/dash-uber-rides-demo directory: dash.
Bumps the pip group with 2 updates in the /apps/dash-web-trader directory: dash and requests.
Bumps the pip group with 3 updates in the /apps/dash-wind-streaming directory: dash, numpy and scipy.
Bumps the pip group with 1 update in the /apps/dash-yield-curve directory: dash.
Bumps the pip group with 1 update in the /apps/dashr-drug-discovery directory: dash.

Updates dash from 1.0.0 to 2.15.0

Release notes

Sourced from dash's releases.

Dash v2.15.0

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

Dash v2.14.2

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

Dash v2.14.1

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

Dash v2.14.0

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

Dash v2.13.0

Changed

• #2610 Load plotly.js bundle/version from plotly.py

... (truncated)

Changelog

Sourced from dash's changelog.

[2.15.0] - 2024-01-31

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

[2.14.2] - 2023-11-27

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

[2.14.1] - 2023-10-26

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

[2.14.0] - 2023-10-11

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

... (truncated)

Commits

• 115aa4e Merge pull request #2739 from plotly/master-2.15.0
• 9243f93 build
• 83c5422 Version 2.15.0 build artifacts
• 78d07c4 Merge branch 'dev' into master-2.15.0
• 6a8da52 Merge pull request #2737 from plotly/version-2.15.0
• 7cb6f07 build
• da4261e Fix changelog.
• 27751a8 Version 2.15.0
• 49ac14f Merge pull request #2723 from plotly/slider-tips
• 06fb03a docstring typos
• Additional commits viewable in compare view

Updates numpy from 1.16.3 to 1.22.0

Release notes

Sourced from numpy's releases.

v1.22.0

NumPy 1.22.0 Release Notes

NumPy 1.22.0 is a big release featuring the work of 153 contributors spread over 609 pull requests. There have been many improvements, highlights are:

• Annotations of the main namespace are essentially complete. Upstream is a moving target, so there will likely be further improvements, but the major work is done. This is probably the most user visible enhancement in this release.
• A preliminary version of the proposed Array-API is provided. This is a step in creating a standard collection of functions that can be used across application such as CuPy and JAX.
• NumPy now has a DLPack backend. DLPack provides a common interchange format for array (tensor) data.
• New methods for quantile, percentile, and related functions. The new methods provide a complete set of the methods commonly found in the literature.
• A new configurable allocator for use by downstream projects.

These are in addition to the ongoing work to provide SIMD support for commonly used functions, improvements to F2PY, and better documentation.

The Python versions supported in this release are 3.8-3.10, Python 3.7 has been dropped. Note that 32 bit wheels are only provided for Python 3.8 and 3.9 on Windows, all other wheels are 64 bits on account of Ubuntu, Fedora, and other Linux distributions dropping 32 bit support. All 64 bit wheels are also linked with 64 bit integer OpenBLAS, which should fix the occasional problems encountered by folks using truly huge arrays.

Expired deprecations

Deprecated numeric style dtype strings have been removed

Using the strings "Bytes0", "Datetime64", "Str0", "Uint32", and "Uint64" as a dtype will now raise a TypeError.

(gh-19539)

Expired deprecations for loads, ndfromtxt, and mafromtxt in npyio

numpy.loads was deprecated in v1.15, with the recommendation that users use pickle.loads instead. ndfromtxt and mafromtxt were both deprecated in v1.17 - users should use numpy.genfromtxt instead with the appropriate value for the usemask parameter.

(gh-19615)

... (truncated)

Commits

• 4adc87d Merge pull request #20685 from charris/prepare-for-1.22.0-release
• fd66547 REL: Prepare for the NumPy 1.22.0 release.
• 125304b wip
• c283859 Merge pull request #20682 from charris/backport-20416
• 5399c03 Merge pull request #20681 from charris/backport-20954
• f9c45f8 Merge pull request #20680 from charris/backport-20663
• 794b36f Update armccompiler.py
• d93b14e Update test_public_api.py
• 7662c07 Update init.py
• 311ab52 Update armccompiler.py
• Additional commits viewable in compare view

Updates scipy from 1.2.1 to 1.11.1

Release notes

Sourced from scipy's releases.

SciPy 1.11.1 Release Notes

SciPy 1.11.1 is a bug-fix release with no new features compared to 1.11.0. In particular, a licensing issue discovered after the release of 1.11.0 has been addressed.

Authors

• Name (commits)
• h-vetinari (1)
• Robert Kern (1)
• Ilhan Polat (4)
• Tyler Reddy (8)

A total of 4 people contributed to this release. People with a "+" by their names contributed a patch for the first time. This list of names is automatically generated, and may not be fully complete.

SciPy 1.11.0 Release Notes

SciPy 1.11.0 is the culmination of 6 months of hard work. It contains many new features, numerous bug-fixes, improved test coverage and better documentation. There have been a number of deprecations and API changes in this release, which are documented below. All users are encouraged to upgrade to this release, as there are a large number of bug-fixes and optimizations. Before upgrading, we recommend that users check that their own code does not use deprecated SciPy functionality (to do so, run your code with python -Wd and check for DeprecationWarning s). Our development attention will now shift to bug-fix releases on the 1.11.x branch, and on adding new features on the main branch.

This release requires Python 3.9+ and NumPy 1.21.6 or greater.

For running on PyPy, PyPy3 6.0+ is required.

Highlights of this release

• Several scipy.sparse array API improvements, including sparse.sparray, a new public base class distinct from the older sparse.spmatrix class, proper 64-bit index support, and numerous deprecations paving the way to a modern sparse array experience.
• scipy.stats added tools for survival analysis, multiple hypothesis testing, sensitivity analysis, and working with censored data.

... (truncated)

Commits

• cfe8011 REL: 1.11.1 rel commit [wheel build]
• 450d8aa Merge pull request #18779 from tylerjereddy/treddy_1_11_1_prep
• 6f942e8 DOC: update 1.11.1 relnotes
• 145cec5 MAINT: fix unuran licensing
• 0760bab MAINT:linalg.det:Return scalars for singleton inputs (#18763)
• a1c6f99 MAINT:linalg:Use only NumPy types in lu
• 5cdc2fe MAINT:linalg:Remove memcpy from lu
• d9ac3f3 FIX:linalg:Guard against possible permute_l out of bound behavior
• 7ec5010 BUG: fix handling for factorial(..., exact=False) for 0-dim array inputs (#...
• 90415c6 BUG: Fix work array construction for various weight shapes. (#18741)
• Additional commits viewable in compare view

Updates pillow from 6.0.0 to 10.2.0

Release notes

Sourced from pillow's releases.

10.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.2.0.html

Changes

• Add keep_rgb option when saving JPEG to prevent conversion of RGB colorspace #7553 [@​bgilbert]
• Trim negative glyph offsets in ImageFont.getmask() #7672 [@​nulano]
• Removed unnecessary "pragma: no cover" #7668 [@​radarhere]
• Trim glyph size in ImageFont.getmask() #7669 [@​radarhere]
• Fix loading IPTC images and update test #7667 [@​nulano]
• Allow uncompressed TIFF images to be saved in chunks #7650 [@​radarhere]
• Concatenate multiple JPEG EXIF markers #7496 [@​radarhere]
• Changed IPTC tile tuple to match other plugins #7661 [@​radarhere]
• Do not assign new fp attribute when exiting context manager #7566 [@​radarhere]
• Support arbitrary masks for uncompressed RGB DDS images #7589 [@​radarhere]
• Support setting ROWSPERSTRIP tag #7654 [@​radarhere]
• Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() #7662 [@​radarhere]
• Optimise ImageColor using functools.lru_cache #7657 [@​hugovk]
• Restricted environment keys for ImageMath.eval() #7655 [@​radarhere]
• Optimise ImageMode.getmode using functools.lru_cache #7641 [@​hugovk]
• Added trusted PyPI publishing #7616 [@​radarhere]
• Compile FriBiDi for Windows ARM64 #7629 [@​nulano]
• Fix incorrect color blending for overlapping glyphs #7497 [@​ZachNagengast]
• Add .git-blame-ignore-revs file #7528 [@​akx]
• Attempt memory mapping when tile args is a string #7565 [@​radarhere]
• Fill identical pixels with transparency in subsequent frames when saving GIF #7568 [@​radarhere]
• Removed unnecessary string length check #7560 [@​radarhere]
• Determine mask mode in Python instead of C #7548 [@​radarhere]
• Corrected duration when combining multiple GIF frames into single frame #7521 [@​radarhere]
• Handle disposing GIF background from outside palette #7515 [@​radarhere]
• Seek past the data when skipping a PSD layer #7483 [@​radarhere]
• ImageMath: Inline isinstance check #7623 [@​hugovk]
• Update actions/upload-artifact action to v4 #7619 [@​radarhere]
• Import plugins relative to the module #7576 [@​deliangyang]
• Translate encoder error codes to strings; deprecate ImageFile.raise_oserror() #7609 [@​bgilbert]
• Updated readthedocs to latest version of Python #7611 [@​radarhere]
• Support reading BC4U and DX10 BC1 images #6486 [@​REDxEYE]
• Optimize ImageStat.Stat.extrema #7593 [@​florath]
• Handle pathlib.Path in FreeTypeFont #7578 [@​radarhere]
• Use list comprehensions to create transformed lists #7597 [@​hugovk]
• Added support for reading DX10 BC4 DDS images #7603 [@​sambvfx]
• Optimized ImageStat.Stat.count #7599 [@​florath]
• Moved error from truetype() to FreeTypeFont #7587 [@​radarhere]
• Correct PDF palette size when saving #7555 [@​radarhere]
• Fixed closing file pointer with olefile 0.47 #7594 [@​radarhere]
• ruff: Minor optimizations of list comprehensions, x in set, etc. #7524 [@​cclauss]
• Build Windows wheels using cibuildwheel #7580 [@​nulano]
• Raise ValueError when TrueType font size is zero or less #7584 [@​akx]
• Install cibuildwheel from requirements file #7581 [@​hugovk]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.2.0 (2024-01-02)

• Add keep_rgb option when saving JPEG to prevent conversion of RGB colorspace #7553 [bgilbert, radarhere]

• Trim glyph size in ImageFont.getmask() #7669, #7672 [radarhere, nulano]

• Deprecate IptcImagePlugin helpers #7664 [nulano, hugovk, radarhere]

• Allow uncompressed TIFF images to be saved in chunks #7650 [radarhere]

• Concatenate multiple JPEG EXIF markers #7496 [radarhere]

• Changed IPTC tile tuple to match other plugins #7661 [radarhere]

• Do not assign new fp attribute when exiting context manager #7566 [radarhere]

• Support arbitrary masks for uncompressed RGB DDS images #7589 [radarhere, akx]

• Support setting ROWSPERSTRIP tag #7654 [radarhere]

• Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() #7662 [radarhere]

• Optimise ImageColor using functools.lru_cache #7657 [hugovk]

• Restricted environment keys for ImageMath.eval() #7655 [wiredfool, radarhere]

• Optimise ImageMode.getmode using functools.lru_cache #7641 [hugovk, radarhere]

• Fix incorrect color blending for overlapping glyphs #7497 [ZachNagengast, nulano, radarhere]

• Attempt memory mapping when tile args is a string #7565 [radarhere]

• Fill identical pixels with transparency in subsequent frames when saving GIF #7568 [radarhere]

... (truncated)

Commits

• 6956d0b 10.2.0 version bump
• 31c8dac Merge pull request #7675 from python-pillow/pre-commit-ci-update-config
• 40a3f91 Merge pull request #7674 from nulano/url-example
• cb41b0c [pre-commit.ci] pre-commit autoupdate
• de62b25 fix image url in "Reading from URL" example
• 7c526a6 Update CHANGES.rst [ci skip]
• d93a5ad Merge pull request #7553 from bgilbert/jpeg-rgb
• aed764f Update CHANGES.rst [ci skip]
• f8df530 Merge pull request #7672 from nulano/imagefont-negative-crop
• 24e9485 Merge pull request #7671 from radarhere/imagetransform
• Additional commits viewable in compare view

Updates dash from 1.0.0 to 2.15.0

Release notes

Sourced from dash's releases.

Dash v2.15.0

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

Dash v2.14.2

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

Dash v2.14.1

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

Dash v2.14.0

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

Dash v2.13.0

Changed

• #2610 Load plotly.js bundle/version from plotly.py

... (truncated)

Changelog

Sourced from dash's changelog.

[2.15.0] - 2024-01-31

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

[2.14.2] - 2023-11-27

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

[2.14.1] - 2023-10-26

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

[2.14.0] - 2023-10-11

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

... (truncated)

Commits

• 115aa4e Merge pull request #2739 from plotly/master-2.15.0
• 9243f93 build
• 83c5422 Version 2.15.0 build artifacts
• 78d07c4 Merge branch 'dev' into master-2.15.0
• 6a8da52 Merge pull request #2737 from plotly/version-2.15.0
• 7cb6f07 build
• da4261e Fix changelog.
• 27751a8 Version 2.15.0
• 49ac14f Merge pull request #2723 from plotly/slider-tips
• 06fb03a docstring typos
• Additional commits viewable in compare view

Updates dash from 1.0.0 to 2.15.0

Release notes

Sourced from dash's releases.

Dash v2.15.0

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

Dash v2.14.2

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

Dash v2.14.1

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

Dash v2.14.0

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

Dash v2.13.0

Changed

• #2610 Load plotly.js bundle/version from plotly.py

... (truncated)

Changelog

Sourced from dash's changelog.

[2.15.0] - 2024-01-31

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

[2.14.2] - 2023-11-27

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

[2.14.1] - 2023-10-26

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

[2.14.0] - 2023-10-11

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

... (truncated)

Commits

• 115aa4e Merge pull request #2739 from plotly/master-2.15.0
• 9243f93 build
• 83c5422 Version 2.15.0 build artifacts
• 78d07c4 Merge branch 'dev' into master-2.15.0
• 6a8da52 Merge pull request #2737 from plotly/version-2.15.0
• 7cb6f07 build
• da4261e Fix changelog.
• 27751a8 Version 2.15.0
• 49ac14f Merge pull request #2723 from plotly/slider-tips
• 06fb03a docstring typos
• Additional commits viewable in compare view

Updates requests from 2.22.0 to 2.31.0

Release notes

Sourced from requests's releases.

v2.31.0

2.31.0 (2023-05-22)

Security

• Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

  When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

  In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

  Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

  Full details can be read in our Github Security Advisory and CVE-2023-32681.

v2.30.0

2.30.0 (2023-05-03)

Dependencies

• ⚠️ Added support for urllib3 2.0. ⚠️

  This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.

  Users who wish to stay on urllib3 1.x can pin to urllib3<2.

v2.29.0

2.29.0 (2023-04-26)

Improvements

• Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
• Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

... (truncated)

Changelog

Sourced from requests's changelog.

2.31.0 (2023-05-22)

Security

• Versions of Requests between v2.3.0 and v2.30.0 are vulnerable to potential forwarding of Proxy-Authorization headers to destination servers when following HTTPS redirects.

  When proxies are defined with user info (https://user:pass@proxy:8080), Requests will construct a Proxy-Authorization header that is attached to the request to authenticate with the proxy.

  In cases where Requests receives a redirect response, it previously reattached the Proxy-Authorization header incorrectly, resulting in the value being sent through the tunneled connection to the destination server. Users who rely on defining their proxy credentials in the URL are strongly encouraged to upgrade to Requests 2.31.0+ to prevent unintentional leakage and rotate their proxy credentials once the change has been fully deployed.

  Users who do not use a proxy or do not supply their proxy credentials through the user information portion of their proxy URL are not subject to this vulnerability.

  Full details can be read in our Github Security Advisory and CVE-2023-32681.

2.30.0 (2023-05-03)

Dependencies

• ⚠️ Added support for urllib3 2.0. ⚠️

  This may contain minor breaking changes so we advise careful testing and reviewing https://urllib3.readthedocs.io/en/latest/v2-migration-guide.html prior to upgrading.

  Users who wish to stay on urllib3 1.x can pin to urllib3<2.

2.29.0 (2023-04-26)

Improvements

• Requests now defers chunked requests to the urllib3 implementation to improve standardization. (#6226)
• Requests relaxes header component requirements to support bytes/str subclasses. (#6356)

2.28.2 (2023-01-12)

... (truncated)

Commits

• 147c851 v2.31.0
• 74ea7cf Merge pull request from GHSA-j8r2-6x86-q33q
• 3022253 test on pypy 3.8 and pypy 3.9 on windows and macos (#6424)
• b639e66 test on py3.12 (#6448)
• d3d5044 Fixed a small typo (#6452)
• 2ad18e0 v2.30.0
• f2629e9 Remove strict parameter (#6434)
• 87d63de v2.29.0
• 51716c4 enable the warnings plugin (#6416)
• a7da1ab try on ubuntu 22.04 (#6418)
• Additional commits viewable in compare view

Updates dash from 1.0.0 to 2.15.0

Release notes

Sourced from dash's releases.

Dash v2.15.0

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template, {value} will be formatted with the actual value.
  • Add tooltip.style a style object to give to the div of the tooltip.
  • Add tooltip.transform a reference to a function in the window.dccFunctions namespace.
• #2732 Add special key _dash_error to setProps, allowing component developers to send error without throwing in render. Usage props.setProps({_dash_error: new Error("custom error")})

Fixed

• #2732 Sanitize html props that are vulnerable to xss vulnerability if user data is inserted. Fix Validate url to prevent XSS attacks #2729

Changed

• #2652 dcc.Clipboard supports htm_content and triggers a copy to clipboard when n_clicks are changed
• #2721 Remove ansi2html, fixes #2613

Dash v2.14.2

Fixed

• #2700 Fix _allow_dynamic_callbacks for newly-added components.

Dash v2.14.1

Fixed

• #2672 Fix get_caller_name in case the source is not available.

Changed

• #2674 Raise flask & werkzeug limits to <3.1

Dash v2.14.0

Fixed

• #2634 Fix deprecation warning on pkg_resources, fix #2631

Changed

• #2635 Get proper app module name, remove need to give __name__ to Dash constructor.

Added

• #2647 routing_callback_inputs allowing to pass more Input and/or State arguments to the pages routing callback
• #2649 Add _allow_dynamic_callbacks, register new callbacks inside other callbacks. WARNING: dynamic callback creation can be dangerous, use at you own risk. It is not intended for use in a production app, multi-user or multiprocess use as it only works for a single user.

Dash v2.13.0

Changed

• #2610 Load plotly.js bundle/version from plotly.py

... (truncated)

Changelog

Sourced from dash's changelog.

[2.15.0] - 2024-01-31

Added

• #2695 Adds triggered_id to dash_clientside.callback_context. Fixes #2692
• #2723 Improve dcc Slider/RangeSlider tooltips. Fixes #1846
  • Add tooltip.template a string for the format template,...

    Description has been truncated