Bump the production-dependencies group across 1 directory with 7 updates

[dependabot]

Bumps the production-dependencies group with 7 updates in the / directory:

Package	From	To
asteval	1.0.0	1.0.2
cachetools	5.3.3	5.5.0
numpy	2.0.0	2.1.0
pyphen	0.15.0	0.16.0
shapely	2.0.4	2.0.5
matplotlib	3.9.1	3.9.2
moderngl	5.10.0	5.11.0

Updates asteval from 1.0.0 to 1.0.2

Release notes

Sourced from asteval's releases.

1.0.2

bug fixes:

• fix NameError handling in expression code
• make exception messages more Python-like

1.0.1

security fixes, based on audit by Andrew Effenhauser, Ayman Hammad, and Daniel Crowley, IBM X-Force Security Research division

• remove numpy modules polynomial, fft, linalg by default for security concerns
• disallow string.format(), improve security of f-string evaluation

Commits

• 22f6f48 more work to make exception messages more Python like
• d837fb9 put exception name with message, more like Python exception
• 1dec732 Merge pull request #130 from shazarivf/fix-nameerror-handling
• cab435a fix NameError handling in expression code
• c673c8b update doc to describe audit by IBM security research group
• d85e7cb remove numpy modules polynomial, fft, linalg by default for security concerns
• 1b453ec disallow string.format(), improve security of f-string evaluation
• See full diff in compare view

Updates cachetools from 5.3.3 to 5.5.0

Changelog

Sourced from cachetools's changelog.

v5.5.0 (2024-08-18)

• TTLCache.expire() returns iterable of expired (key, value) pairs.

• TLRUCache.expire() returns iterable of expired (key, value) pairs.

• Documentation improvements.

• Update CI environment.

v5.4.0 (2024-07-15)

• Add the keys.typedmethodkey decorator.

• Deprecate MRUCache class.

• Deprecate @func.mru_cache decorator.

• Update CI environment.

Commits

• 6c78a8f Bump version.
• 8841efd Release v5.5.0.
• f2ccaca Format tests with black.
• 237ad80 Fix #278: Improve TLRUCache docs.
• e960781 Fix #302: Improve cachetools.keys unit tests.
• ea158fc Bump actions/setup-python from 5.1.0 to 5.1.1
• 8a38daf Update expire docs.
• 7be40f0 TLRUCache.expire() returns iterable of expired (key, value) pairs.
• c22fc7d Fix #292, fix #205, fix #103: TTLCache.expire() returns iterable of expired (...
• 990665b Release v5.4.0.
• Additional commits viewable in compare view

Updates numpy from 2.0.0 to 2.1.0

Release notes

Sourced from numpy's releases.

2.1.0 (Aug 18, 2024)

NumPy 2.1.0 Release Notes

NumPy 2.1.0 provides support for the upcoming Python 3.13 release and drops support for Python 3.9. In addition to the usual bug fixes and updated Python support, it helps get us back into our usual release cycle after the extended development of 2.0. The highlights for this release are:

• Support for the array-api 2023.12 standard.
• Support for Python 3.13.
• Preliminary support for free threaded Python 3.13.

Python versions 3.10-3.13 are supported in this release.

New functions

New function numpy.unstack

A new function np.unstack(array, axis=...) was added, which splits an array into a tuple of arrays along an axis. It serves as the inverse of [numpy.stack]{.title-ref}.

(gh-26579)

Deprecations

• The fix_imports keyword argument in numpy.save is deprecated. Since NumPy 1.17, numpy.save uses a pickle protocol that no longer supports Python 2, and ignored fix_imports keyword. This keyword is kept only for backward compatibility. It is now deprecated.

  (gh-26452)

• Passing non-integer inputs as the first argument of [bincount]{.title-ref} is now deprecated, because such inputs are silently cast to integers with no warning about loss of precision.

  (gh-27076)

Expired deprecations

• Scalars and 0D arrays are disallowed for numpy.nonzero and numpy.ndarray.nonzero.

  (gh-26268)

• set_string_function internal function was removed and PyArray_SetStringFunction was stubbed out.

... (truncated)

Commits

• 2f7fe64 Merge pull request #27236 from charris/prepare-2.1.0
• b6f434f REL: Prepare for the NumPy 2.1.0 release [wheel build]
• 3cf9394 Merge pull request #27234 from charris/backport-25984
• 7443dcc Merge pull request #27233 from charris/backport-27223
• 85b1cab BUG: Allow fitting of degree zero polynomials with Polynomial.fit
• 395a81d DOC: reword discussion about shared arrays to hopefully be clearer
• 5af2e96 Move NUMUSERTYPES thread safety discussion to legacy DType API docs
• d902c24 DOC: add docs on thread safety in NumPy
• c080180 Merge pull request #27229 from charris/backport-27226
• 44ce7e8 BUG: Fix PyArray_ZeroContiguousBuffer (resize) with struct dtypes
• Additional commits viewable in compare view

Updates pyphen from 0.15.0 to 0.16.0

Release notes

Sourced from pyphen's releases.

0.16.0

• Close file when reading encoding
• Update dictionary repository

Changelog

Sourced from pyphen's changelog.

Version 0.16.0

Released on 2024-07-30.

• Close file when reading encoding
• Update dictionary repository

Commits

• a74cae4 Version 0.16.0
• e0623ad Update dictionary repository
• 6f3f769 Close file when reading encoding
• See full diff in compare view

Updates shapely from 2.0.4 to 2.0.5

Release notes

Sourced from shapely's releases.

2.0.5

Binary wheels on PyPI include GEOS 3.11.4 from 2024-06-05. Furthermore, universal2 wheels are removed for macOS since both x86_64 and arm64 wheels are provided.

Bug fixes:

• Fix Point x/y/z attributes to return Python floats (#2074).
• Fix affinity for Apple silicon with NumPy 2.0 by reverting matmul, and use direct matrix multiplication instead (#2085).

For a full changelog, see https://shapely.readthedocs.io/en/latest/release/2.x.html#version-2-0-5

Changelog

Sourced from shapely's changelog.

2.0.5 (2024-07-13)

Binary wheels on PyPI include GEOS 3.11.4 from 2024-06-05. Furthermore, universal2 wheels are removed for macOS since both x86_64 and arm64 wheels are provided.

Bug fixes:

• Fix Point x/y/z attributes to return Python floats (#2074).
• Fix affinity for Apple silicon with NumPy 2.0 by reverting matmul, and use direct matrix multiplication instead (#2085).

Commits

• a4fe42f RLS: 2.0.5
• 0bfcf3a DOC/RLS: starts changelog for 2.0.5 (#2088)
• b186704 RLS/CI: upgrade GEOS versions to latest minor, add more to CI matrix (#2086)
• 1ede9b2 FIX: replace matmul with manual matrix multiplication for affinity (#2085)
• 0748c40 BUG: fix Point x/y/z/m attribtues to return Python floats (#2074)
• 7903b2d Bump pypa/cibuildwheel from 2.19.1 to 2.19.2 (#2083)
• e75c3a2 RLS/BLD: use native Apple Silicon macOS for arm64 wheels; remove universal2 (...
• 13eb644 BLD: replace pkg_resources, prepend numpy include dirs (#2071)
• ac283c3 CI: Update macos-11 image to macos-13 (#2072)
• 473c202 Bump pypa/cibuildwheel from 2.18.1 to 2.19.1 (#2068)
• Additional commits viewable in compare view

Updates matplotlib from 3.9.1 to 3.9.2

Release notes

Sourced from matplotlib's releases.

REL: 3.9.2

This is the second bugfix release of the 3.9.x series.

This release contains several bug-fixes and adjustments:

• Be more resilient to I/O failures when writing font cache
• Fix nondeterministic behavior with subplot spacing and constrained layout
• Fix sticky edge tolerance relative to data range
• Improve formatting of image values in cases of singular norms

Windows wheels now bundle the MSVC runtime DLL statically to avoid inconsistencies with other wheels and random crashes depending on import order.

Commits

• a254b68 REL: 3.9.2
• 056f307 DOC: Create release notes for 3.9.2
• 8d867ce Merge branch 'v3.9.1-doc' into v3.9.x
• 7be8675 Merge pull request #28687 from QuLogic/static-msvc
• 3ed3d7b Merge pull request #28695 from meeseeksmachine/auto-backport-of-pr-27797-on-v...
• 8a62afa BLD: Include MSVCP140 runtime statically
• 81be26f Merge pull request #28688 from QuLogic/auto-backport-of-pr-28668-on-v3.9.x
• d88a582 Backport PR #27797: DOC: Use video files for saving animations
• e3159ba Merge pull request #28692 from meeseeksmachine/auto-backport-of-pr-28632-on-v...
• 465401e Backport PR #28632: DOC: Tell sphinx-gallery to link mpl_toolkits from our build
• Additional commits viewable in compare view

Updates moderngl from 5.10.0 to 5.11.0

Changelog

Sourced from moderngl's changelog.

Change Log

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

main

Commits

• a514233 update release action
• 2aadca5 external data examples
• 1ac8c37 organize examples data
• b68a5dc imgui integration example
• b32b3a6 upadte headless example
• 43b0d1f update some moderngl window examples
• 580fc59 initialize examples readme
• ee9631f move more examples
• 375bdff new examples
• c4dde54 move examples to old
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.