Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Bump the pip group across 1 directory with 6 updates #18

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

Bump the pip group across 1 directory with 6 updates #18

wants to merge 1 commit into from

Conversation

dependabot[bot]
Copy link

@dependabot dependabot bot commented on behalf of github Jun 28, 2024

Bumps the pip group with 6 updates in the /backend/requirements directory:

Package From To
aiohttp 3.9.2 3.9.4
litellm 1.34.21 1.40.29
llama-index 0.9.45 0.10.13
pydantic 1.10.7 1.10.13
requests 2.31.0 2.32.2
black 23.3.0 24.3.0

Updates aiohttp from 3.9.2 to 3.9.4

Release notes

Sourced from aiohttp's releases.

3.9.4

Bug fixes

  • The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

    Related issues and pull requests on GitHub: #8089.

  • Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

    Related issues and pull requests on GitHub: #8104.

  • Improved the DNS resolution performance on cache hit -- by :user:bdraco.

    This is achieved by avoiding an :mod:asyncio task creation in this case.

    Related issues and pull requests on GitHub: #8163.

  • Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append, :meth:aiohttp.MultipartWriter.append_json and :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

    Related issues and pull requests on GitHub: #7741.

  • Ensure websocket transport is closed when client does not close it -- by :user:bdraco.

    The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.9.4 (2024-04-11)

Bug fixes

  • The asynchronous internals now set the underlying causes when assigning exceptions to the future objects -- by :user:webknjaz.

    Related issues and pull requests on GitHub: :issue:8089.

  • Treated values of Accept-Encoding header as case-insensitive when checking for gzip files -- by :user:steverep.

    Related issues and pull requests on GitHub: :issue:8104.

  • Improved the DNS resolution performance on cache hit -- by :user:bdraco.

    This is achieved by avoiding an :mod:asyncio task creation in this case.

    Related issues and pull requests on GitHub: :issue:8163.

  • Changed the type annotations to allow dict on :meth:aiohttp.MultipartWriter.append, :meth:aiohttp.MultipartWriter.append_json and :meth:aiohttp.MultipartWriter.append_form -- by :user:cakemanny

    Related issues and pull requests on GitHub: :issue:7741.

  • Ensure websocket transport is closed when client does not close it -- by :user:bdraco.

    The transport could remain open if the client did not close it. This change ensures the transport is closed when the client does not close it.

... (truncated)

Commits

Updates litellm from 1.34.21 to 1.40.29

Release notes

Sourced from litellm's releases.

v1.40.29

What's Changed

New Contributors

Full Changelog: BerriAI/litellm@v1.40.28...v1.40.29

Docker Run LiteLLM Proxy

docker run \
-e STORE_MODEL_IN_DB=True \
-p 4000:4000 \
ghcr.io/berriai/litellm:main-v1.40.29

Don't want to maintain your internal proxy? get in touch 🎉

Hosted Proxy Alpha: https://calendly.com/d/4mp-gd3-k5k/litellm-1-1-onboarding-chat

Load Test LiteLLM Proxy Results

Name Status Median Response Time (ms) Average Response Time (ms) Requests/s Failures/s Request Count Failure Count Min Response Time (ms) Max Response Time (ms)
/chat/completions Passed ✅ 150.0 169.90346260031845 6.295057404345822 0.0 1884 0 116.81983199997603 1212.0624549999661
Aggregated Passed ✅ 150.0 169.90346260031845 6.295057404345822 0.0 1884 0 116.81983199997603 1212.0624549999661

v1.40.28

What's Changed

New Contributors

... (truncated)

Commits
  • 94c069e fix(cost_calculator.py): infer provider name if not given
  • 2faa6f7 fix(factory.py): get image type from response headers
  • eaa6441 test fix secret detection
  • 0cd25c2 Merge pull request #4447 from BerriAI/litellm_fix_error_on_v2_model_info
  • ed32fb7 Merge pull request #4444 from BerriAI/litellm_better_Secret_redact
  • 0c6cd2c fix error message on v2/model info
  • baf55a8 fix secret scanner
  • 84ee370 add stricter secret detection
  • 552bac5 feat - improve secret detection
  • c9cee3d test - test_chat_completion_request_with_redaction
  • Additional commits viewable in compare view

Updates llama-index from 0.9.45 to 0.10.13

Release notes

Sourced from llama-index's releases.

v0.10.13

New Features

  • Added a llama-pack for KodaRetriever, for on-the-fly alpha tuning (#11311)
  • Added support for mistral-large (#11398)
  • Last token pooling mode for huggingface embeddings models like SFR-Embedding-Mistral (#11373)
  • Added fsspec support to SimpleDirectoryReader (#11303)

Bug Fixes / Nits

  • Fixed an issue with context window + prompt helper (#11379)
  • Moved OpenSearch vector store to BasePydanticVectorStore (#11400)
  • Fixed function calling in fireworks LLM (#11363)
  • Made cohere embedding types more automatic (#11288)
  • Improve function calling in react agent (#11280)
  • Fixed MockLLM imports (#11376)

v0.10.12

No release notes provided.

v0.10.11

No release notes provided.

v0.10.10

No release notes provided.

v0.10.8

No release notes provided.

v0.10.7

New Features

  • Added Self-Discover llamapack (#10951)

Bug Fixes / Nits

  • Fixed linting in CICD (#10945)
  • Fixed using remote graph stores (#10971)
  • Added missing LLM kwarg in NoText response synthesizer (#10971)
  • Fixed openai import in rankgpt (#10971)
  • Fixed resolving model name to string in openai embeddings (#10971)
  • Off by one error in sentence window node parser (#10971)

v0.10.6

[0.10.6] - 2024-02-17

First, apologies for missing the changelog the last few versions. Trying to figure out the best process with 400+ packages.

At some point, each package will have a dedicated changelog.

... (truncated)

Changelog

Sourced from llama-index's changelog.

[0.10.13] - 2024-02-26

New Features

  • Added a llama-pack for KodaRetriever, for on-the-fly alpha tuning (#11311)
  • Added support for mistral-large (#11398)
  • Last token pooling mode for huggingface embeddings models like SFR-Embedding-Mistral (#11373)
  • Added fsspec support to SimpleDirectoryReader (#11303)

Bug Fixes / Nits

  • Fixed an issue with context window + prompt helper (#11379)
  • Moved OpenSearch vector store to BasePydanticVectorStore (#11400)
  • Fixed function calling in fireworks LLM (#11363)
  • Made cohere embedding types more automatic (#11288)
  • Improve function calling in react agent (#11280)
  • Fixed MockLLM imports (#11376)

[0.10.12] - 2024-02-22

New Features

  • Added llama-index-postprocessor-colbert-rerank package (#11057)
  • MyMagicAI LLM (#11263)
  • MariaTalk LLM (#10925)
  • Add retries to github reader (#10980)
  • Added FireworksAI embedding and LLM modules (#10959)

Bug Fixes / Nits

  • Fixed string formatting in weaviate (#11294)
  • Fixed off-by-one error in semantic splitter (#11295)
  • Fixed download_llama_pack for multiple files (#11272)
  • Removed BUILD files from packages (#11267)
  • Loosened python version reqs for all packages (#11267)
  • Fixed args issue with chromadb (#11104)

[0.10.11] - 2024-02-21

Bug Fixes / Nits

  • Fixed multi-modal LLM for async acomplete (#11064)
  • Fixed issue with llamaindex-cli imports (#11068)

[0.10.10] - 2024-02-20

I'm still a bit wonky with our publishing process -- apologies. This is just a version bump to ensure the changes that were supposed to happen in 0.10.9 actually did get published. (AF)

... (truncated)

Commits
  • 6d642a0 Logan/release v0.10.13 (#11408)
  • 78a4c9e fix prompt helper init (#11379)
  • 52383c7 Update opensearch vectorstore to PydanticVectorStore class (#11400)
  • 4077fee Astra DB Vector store, package rename for naming consistency (#11056)
  • 65290f5 Alpha Tuning Llama Pack: KodaRetriever (#11311)
  • 70d4a5c Only firefunction is function calling (#11363)
  • 3a10235 Elastic Search retrieval : Bug Fix for Cases when No Relationships Detected (...
  • 0b13b8d Add support for mistral-large (#11398)
  • 1f48dd9 Astra DB clients identify themselves as coming through LlamaIndex usage (#11396)
  • 6024956 Last token pooling for Huggingface models like SFR-Embedding-Mistral (#11373)
  • Additional commits viewable in compare view

Updates pydantic from 1.10.7 to 1.10.13

Release notes

Sourced from pydantic's releases.

V1.10.13 2023-09-27

What's Changed

Full Changelog: pydantic/pydantic@v1.10.12...v1.10.13

V1.10.12

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.11...v1.10.12

V1.10.11

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.10...v1.10.11

V1.10.10

What's Changed

New Contributors

Full Changelog: pydantic/pydantic@v1.10.9...v1.10.10

V1.10.9

What's Changed

... (truncated)

Changelog

Sourced from pydantic's changelog.

v1.10.13 (2023-09-27)

v1.10.12 (2023-07-24)

  • Fixes the maxlen property being dropped on deque validation. Happened only if the deque item has been typed. Changes the _validate_sequence_like func, #6581 by @​maciekglowka

v1.10.11 (2023-07-04)

  • Importing create_model in tools.py through relative path instead of absolute path - so that it doesn't import V2 code when copied over to V2 branch, #6361 by @​SharathHuddar

v1.10.10 (2023-06-30)

v1.10.9 (2023-06-07)

v1.10.8 (2023-05-23)

Commits

Updates requests from 2.31.0 to 2.32.2

Release notes

Sourced from requests's releases.

v2.32.2

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

v2.32.1

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

v2.32.0

2.32.0 (2024-05-20)

🐍 PYCON US 2024 EDITION 🐍

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

... (truncated)

Changelog

Sourced from requests's changelog.

2.32.2 (2024-05-21)

Deprecations

  • To provide a more stable migration for custom HTTPAdapters impacted by the CVE changes in 2.32.0, we've renamed _get_connection to a new public API, get_connection_with_tls_context. Existing custom HTTPAdapters will need to migrate their code to use this new API. get_connection is considered deprecated in all versions of Requests>=2.32.0.

    A minimal (2-line) example has been provided in the linked PR to ease migration, but we strongly urge users to evaluate if their custom adapter is subject to the same issue described in CVE-2024-35195. (#6710)

2.32.1 (2024-05-20)

Bugfixes

  • Add missing test certs to the sdist distributed on PyPI.

2.32.0 (2024-05-20)

Security

  • Fixed an issue where setting verify=False on the first request from a Session will cause subsequent requests to the same origin to also ignore cert verification, regardless of the value of verify. (GHSA-9wx4-h78v-vm56)

Improvements

  • verify=True now reuses a global SSLContext which should improve request time variance between first and subsequent requests. It should also minimize certificate load time on Windows systems when using a Python version built with OpenSSL 3.x. (#6667)
  • Requests now supports optional use of character detection (chardet or charset_normalizer) when repackaged or vendored. This enables pip and other projects to minimize their vendoring surface area. The Response.text() and apparent_encoding APIs will default to utf-8 if neither library is present. (#6702)

Bugfixes

  • Fixed bug in length detection where emoji length was incorrectly calculated in the request content-length. (#6589)
  • Fixed deserialization bug in JSONDecodeError. (#6629)
  • Fixed bug where an extra leading / (path separator) could lead urllib3 to unnecessarily reparse the request URI. (#6644)

Deprecations

... (truncated)

Commits
  • 88dce9d v2.32.2
  • c98e4d1 Merge pull request #6710 from nateprewitt/api_rename
  • 92075b3 Add deprecation warning
  • aa1461b Move _get_connection to get_connection_with_tls_context
  • 970e8ce v2.32.1
  • d6ebc4a v2.32.0
  • 9a40d12 Avoid reloading root certificates to improve concurrent performance (#6667)
  • 0c030f7 Merge pull request #6702 from nateprewitt/no_char_detection
  • 555b870 Allow character detection dependencies to be optional in post-packaging steps
  • d6dded3 Merge pull request #6700 from franekmagiera/update-redirect-to-invalid-uri-test
  • Additional commits viewable in compare view

Updates black from 23.3.0 to 24.3.0

Release notes

Sourced from black's releases.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parentheses in case statement if guards (#4214).

Configuration

... (truncated)

Changelog

Sourced from black's changelog.

24.3.0

Highlights

This release is a milestone: it fixes Black's first CVE security vulnerability. If you run Black on untrusted input, or if you habitually put thousands of leading tab characters in your docstrings, you are strongly encouraged to upgrade immediately to fix CVE-2024-21503.

This release also fixes a bug in Black's AST safety check that allowed Black to make incorrect changes to certain f-strings that are valid in Python 3.12 and higher.

Stable style

  • Don't move comments along with delimiters, which could cause crashes (#4248)
  • Strengthen AST safety check to catch more unsafe changes to strings. Previous versions of Black would incorrectly format the contents of certain unusual f-strings containing nested strings with the same quote type. Now, Black will crash on such strings until support for the new f-string syntax is implemented. (#4270)
  • Fix a bug where line-ranges exceeding the last code line would not work as expected (#4273)

Performance

  • Fix catastrophic performance on docstrings that contain large numbers of leading tab characters. This fixes CVE-2024-21503. (#4278)

Documentation

  • Note what happens when --check is used with --quiet (#4236)

24.2.0

Stable style

  • Fixed a bug where comments where mistakenly removed along with redundant parentheses (#4218)

Preview style

  • Move the hug_parens_with_braces_and_square_brackets feature to the unstable style due to an outstanding crash and proposed formatting tweaks (#4198)
  • Fixed a bug where base expressions caused inconsistent formatting of ** in tenary expression (#4154)
  • Checking for newline before adding one on docstring that is almost at the line limit (#4185)
  • Remove redundant parentheses in case statement if guards (#4214).

... (truncated)

Commits

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
    You can disable automated security fix PRs for this repo from the Security Alerts page.

@dependabot
Bump the pip group across 1 directory with 6 updates
9701568 
Bumps the pip group with 6 updates in the /backend/requirements directory:

| Package | From | To |
| --- | --- | --- |
| [aiohttp](https://github.com/aio-libs/aiohttp) | `3.9.2` | `3.9.4` |
| [litellm](https://github.com/BerriAI/litellm) | `1.34.21` | `1.40.29` |
| [llama-index](https://github.com/run-llama/llama_index) | `0.9.45` | `0.10.13` |
| [pydantic](https://github.com/pydantic/pydantic) | `1.10.7` | `1.10.13` |
| [requests](https://github.com/psf/requests) | `2.31.0` | `2.32.2` |
| [black](https://github.com/psf/black) | `23.3.0` | `24.3.0` |



Updates `aiohttp` from 3.9.2 to 3.9.4
- [Release notes](https://github.com/aio-libs/aiohttp/releases)
- [Changelog](https://github.com/aio-libs/aiohttp/blob/master/CHANGES.rst)
- [Commits](aio-libs/aiohttp@v3.9.2...v3.9.4)

Updates `litellm` from 1.34.21 to 1.40.29
- [Release notes](https://github.com/BerriAI/litellm/releases)
- [Commits](BerriAI/litellm@v1.34.21...v1.40.29)

Updates `llama-index` from 0.9.45 to 0.10.13
- [Release notes](https://github.com/run-llama/llama_index/releases)
- [Changelog](https://github.com/run-llama/llama_index/blob/main/CHANGELOG.md)
- [Commits](run-llama/llama_index@v0.9.45...v0.10.13)

Updates `pydantic` from 1.10.7 to 1.10.13
- [Release notes](https://github.com/pydantic/pydantic/releases)
- [Changelog](https://github.com/pydantic/pydantic/blob/main/HISTORY.md)
- [Commits](pydantic/pydantic@v1.10.7...v1.10.13)

Updates `requests` from 2.31.0 to 2.32.2
- [Release notes](https://github.com/psf/requests/releases)
- [Changelog](https://github.com/psf/requests/blob/main/HISTORY.md)
- [Commits](psf/requests@v2.31.0...v2.32.2)

Updates `black` from 23.3.0 to 24.3.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@23.3.0...24.3.0)

---
updated-dependencies:
- dependency-name: aiohttp
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: litellm
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: llama-index
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: pydantic
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: requests
  dependency-type: direct:production
  dependency-group: pip
- dependency-name: black
  dependency-type: direct:development
  dependency-group: pip
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added python Pull requests that update Python code 📦 dependencies Update a dependency files labels Jun 28, 2024
brunnolou pushed a commit that referenced this pull request Aug 14, 2024
@yuhongsun96 @Weves
Fix missing supervisord change from Danswer MIT (#18)
56c52bd
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
📦 dependencies Update a dependency files python Pull requests that update Python code
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
0 participants