Skip to content

Bump the pip group across 8 directories with 8 updates#694

Closed
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/cli/pip-1ba0fe6434
Closed

Bump the pip group across 8 directories with 8 updates#694
dependabot[bot] wants to merge 1 commit into
mainfrom
dependabot/pip/cli/pip-1ba0fe6434

Conversation

@dependabot

@dependabot dependabot Bot commented on behalf of github Jun 10, 2026

Copy link
Copy Markdown
Contributor

Warning

Dependabot will stop supporting python v3.9!

Please upgrade to one of the following versions: v3.9, v3.10, v3.11, v3.12, v3.13, or v3.14.

Bumps the pip group with 1 update in the /cli directory: cryptography.
Bumps the pip group with 1 update in the /examples/cc/rano/implementation directory: onnx.
Bumps the pip group with 1 update in the /examples/chestxray_tutorial/data_preparator/project directory: pillow.
Bumps the pip group with 1 update in the /examples/chestxray_tutorial/model_custom_cnn/project directory: torch.
Bumps the pip group with 1 update in the /examples/fl/fl/project directory: onnx.
Bumps the pip group with 1 update in the /examples/fl/prep/project directory: pillow.
Bumps the pip group with 1 update in the /examples/fl_post/fl/project directory: onnx.
Bumps the pip group with 4 updates in the /server directory: djangorestframework, pyopenssl, werkzeug and djangorestframework-simplejwt.

Updates cryptography from 46.0.3 to 46.0.7

Changelog

Sourced from cryptography's changelog.

46.0.7 - 2026-04-07


* **SECURITY ISSUE**: Fixed an issue where non-contiguous buffers could be
  passed to APIs that accept Python buffers, which could lead to buffer
  overflow. **CVE-2026-39892**
* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.6.

.. _v46-0-6:

46.0.6 - 2026-03-25

  • SECURITY ISSUE: Fixed a bug where name constraints were not applied to peer names during verification when the leaf certificate contains a wildcard DNS SAN. Ordinary X.509 topologies are not affected by this bug, including those used by the Web PKI. Credit to Oleh Konko (1seal) for reporting the issue. CVE-2026-34073

.. _v46-0-5:

46.0.5 - 2026-02-10


* An attacker could create a malicious public key that reveals portions of your
  private key when using certain uncommon elliptic curves (binary curves).
  This version now includes additional security checks to prevent this attack.
  This issue only affects binary elliptic curves, which are rarely used in
  real-world applications. Credit to **XlabAI Team of Tencent Xuanwu Lab and
  Atuin Automated Vulnerability Discovery Engine** for reporting the issue.
  **CVE-2026-26007**
* Support for ``SECT*`` binary elliptic curves is deprecated and will be
  removed in the next release.

.. v46-0-4:

46.0.4 - 2026-01-27

  • Dropped support for win_arm64 wheels_.
  • Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.5.5.

.. _v46-0-3:

Commits

Updates onnx from 1.16.2 to 1.21.0

Release notes

Sourced from onnx's releases.

v1.21.0

ONNX v1.21.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

What's Changed

Breaking Changes and Deprecations

Spec and Operator

Reference Implementation

Utilities and Tools

Build, CI and Tests

... (truncated)

Commits

Updates pillow from 9.5.0 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Dependencies

Testing

Other changes

... (truncated)

Changelog

Sourced from pillow's changelog.

Changelog (Pillow)

11.1.0 and newer

See GitHub Releases:

11.0.0 (2024-10-15)

  • Update licence to MIT-CMU #8460 [hugovk]

  • Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

  • Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

  • Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

  • Do not close provided file handles with libtiff when saving #8458 [radarhere]

  • Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

  • Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

  • Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

  • Use transparency when combining P frames from APNGs #8443 [radarhere]

  • Support all resampling filters when resizing I;16* images #8422 [radarhere]

  • Free memory on early return #8413 [radarhere]

  • Cast int before potentially exceeding INT_MAX #8402 [radarhere]

... (truncated)

Commits

Updates torch from 2.0.1 to 2.12.0+cpu

Updates onnx from 1.13.0 to 1.21.0

Release notes

Sourced from onnx's releases.

v1.21.0

ONNX v1.21.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

What's Changed

Breaking Changes and Deprecations

Spec and Operator

Reference Implementation

Utilities and Tools

Build, CI and Tests

... (truncated)

Commits

Updates pillow from 10.2.0 to 12.2.0

Release notes

Sourced from pillow's releases.

12.2.0

https://pillow.readthedocs.io/en/stable/releasenotes/12.2.0.html

Documentation

Dependencies

Testing

Other changes

... (truncated)

Changelog

Sourced from pillow's changelog.

Changelog (Pillow)

11.1.0 and newer

See GitHub Releases:

11.0.0 (2024-10-15)

  • Update licence to MIT-CMU #8460 [hugovk]

  • Conditionally define ImageCms type hint to avoid requiring core #8197 [radarhere]

  • Support writing LONG8 offsets in AppendingTiffWriter #8417 [radarhere]

  • Use ImageFile.MAXBLOCK when saving TIFF images #8461 [radarhere]

  • Do not close provided file handles with libtiff when saving #8458 [radarhere]

  • Support ImageFilter.BuiltinFilter for I;16* images #8438 [radarhere]

  • Use ImagingCore.ptr instead of ImagingCore.id #8341 [homm, radarhere, hugovk]

  • Updated EPS mode when opening images without transparency #8281 [Yay295, radarhere]

  • Use transparency when combining P frames from APNGs #8443 [radarhere]

  • Support all resampling filters when resizing I;16* images #8422 [radarhere]

  • Free memory on early return #8413 [radarhere]

  • Cast int before potentially exceeding INT_MAX #8402 [radarhere]

... (truncated)

Commits

Updates onnx from 1.13.0 to 1.21.0

Release notes

Sourced from onnx's releases.

v1.21.0

ONNX v1.21.0 is now available with exciting new features! We would like to thank everyone who contributed to this release! Please visit onnx.ai to learn more about ONNX and associated projects.

What's Changed

Breaking Changes and Deprecations

Spec and Operator

Reference Implementation

Utilities and Tools

Build, CI and Tests

... (truncated)

Commits

Updates djangorestframework from 3.14.0 to 3.15.2

Release notes

Sourced from djangorestframework's releases.

3.15.2

What's Changed

Bumps the pip group with 1 update in the /cli directory: [cryptography](https://github.com/pyca/cryptography).
Bumps the pip group with 1 update in the /examples/cc/rano/implementation directory: [onnx](https://github.com/onnx/onnx).
Bumps the pip group with 1 update in the /examples/chestxray_tutorial/data_preparator/project directory: [pillow](https://github.com/python-pillow/Pillow).
Bumps the pip group with 1 update in the /examples/chestxray_tutorial/model_custom_cnn/project directory: torch.
Bumps the pip group with 1 update in the /examples/fl/fl/project directory: [onnx](https://github.com/onnx/onnx).
Bumps the pip group with 1 update in the /examples/fl/prep/project directory: [pillow](https://github.com/python-pillow/Pillow).
Bumps the pip group with 1 update in the /examples/fl_post/fl/project directory: [onnx](https://github.com/onnx/onnx).
Bumps the pip group with 4 updates in the /server directory: [djangorestframework](https://github.com/encode/django-rest-framework), [pyopenssl](https://github.com/pyca/pyopenssl), [werkzeug](https://github.com/pallets/werkzeug) and [djangorestframework-simplejwt](https://github.com/jazzband/djangorestframework-simplejwt).


Updates `cryptography` from 46.0.3 to 46.0.7
- [Changelog](https://github.com/pyca/cryptography/blob/main/CHANGELOG.rst)
- [Commits](pyca/cryptography@46.0.3...46.0.7)

Updates `onnx` from 1.16.2 to 1.21.0
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](onnx/onnx@v1.16.2...v1.21.0)

Updates `pillow` from 9.5.0 to 12.2.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@9.5.0...12.2.0)

Updates `torch` from 2.0.1 to 2.12.0+cpu

Updates `onnx` from 1.13.0 to 1.21.0
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](onnx/onnx@v1.16.2...v1.21.0)

Updates `pillow` from 10.2.0 to 12.2.0
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/main/CHANGES.rst)
- [Commits](python-pillow/Pillow@9.5.0...12.2.0)

Updates `onnx` from 1.13.0 to 1.21.0
- [Release notes](https://github.com/onnx/onnx/releases)
- [Changelog](https://github.com/onnx/onnx/blob/main/docs/Changelog-ml.md)
- [Commits](onnx/onnx@v1.16.2...v1.21.0)

Updates `djangorestframework` from 3.14.0 to 3.15.2
- [Release notes](https://github.com/encode/django-rest-framework/releases)
- [Commits](encode/django-rest-framework@3.14.0...3.15.2)

Updates `pyopenssl` from 25.3.0 to 26.0.0
- [Changelog](https://github.com/pyca/pyopenssl/blob/main/CHANGELOG.rst)
- [Commits](pyca/pyopenssl@25.3.0...26.0.0)

Updates `werkzeug` from 3.0.6 to 3.1.6
- [Release notes](https://github.com/pallets/werkzeug/releases)
- [Changelog](https://github.com/pallets/werkzeug/blob/main/CHANGES.rst)
- [Commits](pallets/werkzeug@3.0.6...3.1.6)

Updates `djangorestframework-simplejwt` from 5.3.1 to 5.5.1
- [Release notes](https://github.com/jazzband/djangorestframework-simplejwt/releases)
- [Changelog](https://github.com/jazzband/djangorestframework-simplejwt/blob/master/CHANGELOG.md)
- [Commits](jazzband/djangorestframework-simplejwt@v5.3.1...v5.5.1)

---
updated-dependencies:
- dependency-name: cryptography
  dependency-version: 46.0.7
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: onnx
  dependency-version: 1.21.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pillow
  dependency-version: 12.2.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: torch
  dependency-version: 2.12.0+cpu
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: onnx
  dependency-version: 1.21.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pillow
  dependency-version: 12.2.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: onnx
  dependency-version: 1.21.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: djangorestframework
  dependency-version: 3.15.2
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pyopenssl
  dependency-version: 26.0.0
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: werkzeug
  dependency-version: 3.1.6
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: djangorestframework-simplejwt
  dependency-version: 5.5.1
  dependency-type: direct:production
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot requested a review from a team as a code owner June 10, 2026 19:25
@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Jun 10, 2026
@dependabot dependabot Bot requested a deployment to testing-external-code June 10, 2026 19:25 Waiting
@github-actions

Copy link
Copy Markdown
Contributor

MLCommons CLA bot All contributors have signed the MLCommons CLA ✍️ ✅

@dependabot @github

dependabot Bot commented on behalf of github Jun 11, 2026

Copy link
Copy Markdown
Contributor Author

Superseded by #695.

@dependabot dependabot Bot closed this Jun 11, 2026
@dependabot dependabot Bot deleted the dependabot/pip/cli/pip-1ba0fe6434 branch June 11, 2026 00:42
@github-actions github-actions Bot locked and limited conversation to collaborators Jun 11, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

0 participants