Sec: use pip-tools to create a lock file (constraints.txt) from the pip dependencies so that dependabot can better recognize sub-dependencies and dump it itself.

fmoorhof · fmoorhof · commit 8ae61500a58d · 2025-12-17T20:48:53.000+01:00
pip-compile --all-build-deps --all-extras --output-file=constraints.txt --strip-extras pyproject.toml
diff --git a/constraints.txt b/constraints.txt
@@ -0,0 +1,238 @@
+#
+# This file is autogenerated by pip-compile with Python 3.10
+# by the following command:
+#
+#    pip-compile --all-build-deps --all-extras --output-file=constraints.txt --strip-extras pyproject.toml
+#
+annotated-types==0.7.0
+    # via pydantic
+anyio==4.12.0
+    # via httpx
+attrs==25.4.0
+    # via visions
+blinker==1.9.0
+    # via flask
+certifi==2025.11.12
+    # via
+    #   httpcore
+    #   httpx
+    #   requests
+charset-normalizer==3.4.4
+    # via requests
+click==8.3.1
+    # via
+    #   flask
+    #   typer-slim
+contourpy==1.3.2
+    # via matplotlib
+cycler==0.12.1
+    # via matplotlib
+dacite==1.9.2
+    # via ydata-profiling
+dash==3.3.0
+    # via
+    #   dash-bootstrap-components
+    #   selectzyme-app (pyproject.toml)
+dash-bootstrap-components==2.0.4
+    # via selectzyme-app (pyproject.toml)
+exceptiongroup==1.3.1
+    # via anyio
+filelock==3.20.1
+    # via huggingface-hub
+filetype==1.2.0
+    # via ydata-profiling
+flask==3.1.2
+    # via dash
+fonttools==4.61.1
+    # via matplotlib
+fsspec==2025.12.0
+    # via huggingface-hub
+gunicorn==23.0.0
+    # via selectzyme-app (pyproject.toml)
+h11==0.16.0
+    # via httpcore
+hf-xet==1.2.0
+    # via huggingface-hub
+httpcore==1.0.9
+    # via httpx
+httpx==0.28.1
+    # via huggingface-hub
+huggingface-hub==1.2.3
+    # via selectzyme-app (pyproject.toml)
+idna==3.11
+    # via
+    #   anyio
+    #   httpx
+    #   requests
+imagehash==4.3.2
+    # via
+    #   visions
+    #   ydata-profiling
+importlib-metadata==8.7.0
+    # via dash
+itsdangerous==2.2.0
+    # via flask
+jinja2==3.1.6
+    # via
+    #   flask
+    #   ydata-profiling
+joblib==1.5.3
+    # via phik
+kiwisolver==1.4.9
+    # via matplotlib
+llvmlite==0.45.1
+    # via numba
+markupsafe==3.0.3
+    # via
+    #   flask
+    #   jinja2
+    #   werkzeug
+matplotlib==3.10.0
+    # via
+    #   phik
+    #   seaborn
+    #   wordcloud
+    #   ydata-profiling
+minify-html==0.18.1
+    # via ydata-profiling
+multimethod==1.12
+    # via
+    #   visions
+    #   ydata-profiling
+narwhals==2.14.0
+    # via plotly
+nest-asyncio==1.6.0
+    # via dash
+networkx==3.4.2
+    # via visions
+numba==0.62.1
+    # via ydata-profiling
+numpy==2.2.6
+    # via
+    #   contourpy
+    #   imagehash
+    #   matplotlib
+    #   numba
+    #   pandas
+    #   patsy
+    #   phik
+    #   pywavelets
+    #   scipy
+    #   seaborn
+    #   statsmodels
+    #   visions
+    #   wordcloud
+    #   ydata-profiling
+packaging==25.0
+    # via
+    #   gunicorn
+    #   huggingface-hub
+    #   matplotlib
+    #   plotly
+    #   statsmodels
+pandas==2.3.3
+    # via
+    #   phik
+    #   seaborn
+    #   selectzyme-app (pyproject.toml)
+    #   statsmodels
+    #   visions
+    #   ydata-profiling
+patsy==1.0.2
+    # via statsmodels
+phik==0.12.5
+    # via ydata-profiling
+pillow==12.0.0
+    # via
+    #   imagehash
+    #   matplotlib
+    #   visions
+    #   wordcloud
+plotly==6.5.0
+    # via
+    #   dash
+    #   selectzyme-app (pyproject.toml)
+puremagic==1.30
+    # via visions
+pyarrow==22.0.0
+    # via selectzyme-app (pyproject.toml)
+pydantic==2.12.5
+    # via ydata-profiling
+pydantic-core==2.41.5
+    # via pydantic
+pyparsing==3.2.5
+    # via matplotlib
+python-dateutil==2.9.0.post0
+    # via
+    #   matplotlib
+    #   pandas
+pytz==2025.2
+    # via pandas
+pywavelets==1.8.0
+    # via imagehash
+pyyaml==6.0.3
+    # via
+    #   huggingface-hub
+    #   ydata-profiling
+requests==2.32.5
+    # via
+    #   dash
+    #   ydata-profiling
+retrying==1.4.2
+    # via dash
+scipy==1.15.3
+    # via
+    #   imagehash
+    #   phik
+    #   statsmodels
+    #   ydata-profiling
+seaborn==0.13.2
+    # via ydata-profiling
+shellingham==1.5.4
+    # via huggingface-hub
+six==1.17.0
+    # via python-dateutil
+statsmodels==0.14.6
+    # via ydata-profiling
+tqdm==4.67.1
+    # via
+    #   huggingface-hub
+    #   ydata-profiling
+typeguard==4.4.4
+    # via ydata-profiling
+typer-slim==0.20.0
+    # via huggingface-hub
+typing-extensions==4.15.0
+    # via
+    #   anyio
+    #   dash
+    #   exceptiongroup
+    #   huggingface-hub
+    #   pydantic
+    #   pydantic-core
+    #   typeguard
+    #   typer-slim
+    #   typing-inspection
+typing-inspection==0.4.2
+    # via pydantic
+tzdata==2025.3
+    # via pandas
+urllib3==2.6.2
+    # via requests
+visions==0.8.1
+    # via ydata-profiling
+werkzeug==3.1.4
+    # via
+    #   dash
+    #   flask
+wheel==0.45.1
+    # via selectzyme-app (pyproject.toml::build-system.requires)
+wordcloud==1.9.4
+    # via ydata-profiling
+ydata-profiling==4.18.0
+    # via selectzyme-app (pyproject.toml)
+zipp==3.23.0
+    # via importlib-metadata
+
+# The following packages are considered to be unsafe in a requirements file:
+# setuptools
