Commit 53c2bf0
authored
![dependabot[bot]](https://avatars.githubusercontent.com/in/29110?v=4&size=40){kind=avatar}
Bump the production-dependencies group across 1 directory with 4 updates (#377)
Bumps the production-dependencies group with 4 updates in the /backend
directory: [flask](https://github.com/pallets/flask),
[nltk](https://github.com/nltk/nltk),
[azure-cosmos](https://github.com/Azure/azure-sdk-for-python) and
[google-genai](https://github.com/googleapis/python-genai).
Updates `flask` from 3.1.2 to 3.1.3
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/flask/releases">flask's
releases</a>.</em></p>
<blockquote>
<h2>3.1.3</h2>
<p>This is the Flask 3.1.3 security fix release, which fixes a security
issue but does not otherwise change behavior and should not result in
breaking changes compared to the latest feature release.</p>
<p>PyPI: <a
href="https://pypi.org/project/Flask/3.1.3/">https://pypi.org/project/Flask/3.1.3/</a>
Changes: <a
href="https://flask.palletsprojects.com/page/changes/#version-3-1-3">https://flask.palletsprojects.com/page/changes/#version-3-1-3</a></p>
<ul>
<li>The session is marked as accessed for operations that only access
the keys but not the values, such as <code>in</code> and
<code>len</code>. <a
href="https://github.com/pallets/flask/security/advisories/GHSA-68rp-wp8r-4726">GHSA-68rp-wp8r-4726</a></li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/pallets/flask/blob/main/CHANGES.rst">flask's
changelog</a>.</em></p>
<blockquote>
<h2>Version 3.1.3</h2>
<p>Released 2026-02-18</p>
<ul>
<li>The session is marked as accessed for operations that only access
the keys
but not the values, such as <code>in</code> and <code>len</code>.
:ghsa:<code>68rp-wp8r-4726</code></li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/pallets/flask/commit/22d924701a6ae2e4cd01e9a15bbaf3946094af65"><code>22d9247</code></a>
release version 3.1.3</li>
<li><a
href="https://github.com/pallets/flask/commit/089cb86dd22bff589a4eafb7ab8e42dc357623b4"><code>089cb86</code></a>
Merge commit from fork</li>
<li><a
href="https://github.com/pallets/flask/commit/c17f379390731543eea33a570a47bd4ef76a54fa"><code>c17f379</code></a>
request context tracks session access</li>
<li><a
href="https://github.com/pallets/flask/commit/27be9338405382445a7cb01151e084559b98d602"><code>27be933</code></a>
start version 3.1.3</li>
<li><a
href="https://github.com/pallets/flask/commit/4e652d3f68b90d50aa2301d3b7e68c3fafd9251d"><code>4e652d3</code></a>
Abort if the instance folder cannot be created (<a
href="https://redirect.github.com/pallets/flask/issues/5903">#5903</a>)</li>
<li><a
href="https://github.com/pallets/flask/commit/3d03098a97ddc6a908aa4a50c2ef7381f8297d0a"><code>3d03098</code></a>
Abort if the instance folder cannot be created</li>
<li><a
href="https://github.com/pallets/flask/commit/407eb76b27884848383a37c7274654f0271e4bc4"><code>407eb76</code></a>
document using gevent for async (<a
href="https://redirect.github.com/pallets/flask/issues/5900">#5900</a>)</li>
<li><a
href="https://github.com/pallets/flask/commit/ac5664d2281533eacafd64f5cc7d5edcdaccab60"><code>ac5664d</code></a>
document using gevent for async</li>
<li><a
href="https://github.com/pallets/flask/commit/4f79d5b59a56bc4356a97f2e81a35f98cb18d7b3"><code>4f79d5b</code></a>
Increase required flit_core version to 3.11 (<a
href="https://redirect.github.com/pallets/flask/issues/5865">#5865</a>)</li>
<li><a
href="https://github.com/pallets/flask/commit/fe3b215d3ade4db68262dae1a3cdc464a1fc524f"><code>fe3b215</code></a>
Increase required flit_core version to 3.11</li>
<li>Additional commits viewable in <a
href="https://github.com/pallets/flask/compare/3.1.2...3.1.3">compare
view</a></li>
</ul>
</details>
<br />
Updates `nltk` from 3.9.2 to 3.9.3
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/nltk/nltk/blob/develop/ChangeLog">nltk's
changelog</a>.</em></p>
<blockquote>
<p>Version 3.9.3 2026-02-21</p>
<ul>
<li>Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (<a
href="https://redirect.github.com/nltk/nltk/issues/3468">#3468</a>)</li>
<li>Block path traversal/arbitrary reads in nltk.data for protocol-less
refs (<a
href="https://redirect.github.com/nltk/nltk/issues/3467">#3467</a>)</li>
<li>Block path traversal/abs paths in corpus readers and FS pointers (<a
href="https://redirect.github.com/nltk/nltk/issues/3479">#3479</a>, <a
href="https://redirect.github.com/nltk/nltk/issues/3480">#3480</a>)</li>
<li>Validate external StanfordSegmenter JARs using SHA256 (<a
href="https://redirect.github.com/nltk/nltk/issues/3477">#3477</a>)</li>
<li>Add optional sandbox enforcement for filestring() (<a
href="https://redirect.github.com/nltk/nltk/issues/3485">#3485</a>)</li>
<li>Maintenance: downloader/zipped models, CI/tooling updates</li>
</ul>
<p>Thanks to the following contributors to 3.9.3:
Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher
Smith</p>
<p>Version 3.9.2 2025-10-01</p>
<ul>
<li>Update download checksums to use SHA256 in built index</li>
<li>Fix percentage escape in new-style string formatting</li>
<li>replace shortened URLs using goo.gl</li>
<li>Make Wordnet interoperable with various taggers and tagged
corpora</li>
<li>Fix saving PerceptronTagger</li>
<li>Document how to reproduce old Wordnet studies</li>
<li>properly initialize Portuguese corpus reader</li>
<li>support for mixed rules conversion into Chomsky Normal Form</li>
<li>only import tkinter if a GUI is needed</li>
<li>issue <a
href="https://redirect.github.com/nltk/nltk/issues/2112">#2112</a> with
Corenlp</li>
<li>new environment variable
NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL</li>
<li>Lesk defaults to most frequent sense in case of ties</li>
</ul>
<p>Thanks to the following contributors to 3.9.2:
Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix,
Jason Liu,
Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram
Ul Haq,
Christopher Smith, Ryan Mannion</p>
<p>Version 3.9.1 2024-08-19</p>
<ul>
<li>Fixed bug that prevented wordnet from loading</li>
</ul>
<p>Version 3.9 2024-08-18</p>
<ul>
<li>Fix security vulnerability CVE-2024-39705 (breaking change)</li>
<li>Replace pickled models (punkt, chunker, taggers) by new pickle-free
"_tab" packages</li>
<li>No longer sort Wordnet synsets and relations (sort in calling
function when required)</li>
<li>Only strip the last suffix in Wordnet Morphy, thus restricting
synsets() results</li>
<li>Add Python 3.12 support</li>
<li>Many other minor fixes</li>
</ul>
<p>Thanks to the following contributors to 3.8.2:
Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin
Chernyshev, Michael Higgins,
Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex
Rudnick, Liling Tan, Akihiro Yamazaki.</p>
<p>Version 3.8.1 2023-01-02</p>
<ul>
<li>Resolve RCE vulnerability in localhost WordNet Browser (<a
href="https://redirect.github.com/nltk/nltk/issues/3100">#3100</a>)</li>
</ul>
<!-- raw HTML omitted -->
</blockquote>
<p>... (truncated)</p>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/nltk/nltk/commit/4154eb85e832f266660a09286c7e37e308292284"><code>4154eb8</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3503">#3503</a> from
ekaf/hotfix-3501</li>
<li><a
href="https://github.com/nltk/nltk/commit/7a710cbc8b914628252e9cf2518afe9ba9b13c80"><code>7a710cb</code></a>
Prepare release 3.9.3</li>
<li><a
href="https://github.com/nltk/nltk/commit/1056b323af6462455571302e766b67cf300aea18"><code>1056b32</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3468">#3468</a> from
HyperPS/fix/secure-unzip-rce</li>
<li><a
href="https://github.com/nltk/nltk/commit/7dc5baa98f03b4c36300c408a7a66ffc8ea3934f"><code>7dc5baa</code></a>
Resolve merge conflict in tag mapping using normalized nltk resource
URL</li>
<li><a
href="https://github.com/nltk/nltk/commit/7ef38b8aa6055ef3f82c7f8da490297cc12032b1"><code>7ef38b8</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3467">#3467</a> from
HyperPS/develop</li>
<li><a
href="https://github.com/nltk/nltk/commit/b2e1164bf89277f79b65406c829b99fb20ca1974"><code>b2e1164</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3485">#3485</a> from
HyperPS/fix-filestring-sandbox-update</li>
<li><a
href="https://github.com/nltk/nltk/commit/ac0ce55daa487401f8215a409cef50eae6a4ac98"><code>ac0ce55</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3480">#3480</a> from
HyperPS/fix/filesystem-sandbox-security</li>
<li><a
href="https://github.com/nltk/nltk/commit/603e34d25a2cad4612185ebfa6bc1c0dcfcfb2ab"><code>603e34d</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3479">#3479</a> from
HyperPS/fix/corpusreader-path-traversal</li>
<li><a
href="https://github.com/nltk/nltk/commit/b63a5014aace4d22fe9a713473d2598d409eece4"><code>b63a501</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3477">#3477</a> from
HyperPS/fix/stanford-segmenter-rce-sha256</li>
<li><a
href="https://github.com/nltk/nltk/commit/df38955e506a9fcaa8aba006984a11babd87cec0"><code>df38955</code></a>
Merge pull request <a
href="https://redirect.github.com/nltk/nltk/issues/3494">#3494</a> from
ekaf/ewnv</li>
<li>Additional commits viewable in <a
href="https://github.com/nltk/nltk/compare/3.9.2...3.9.3">compare
view</a></li>
</ul>
</details>
<br />
Updates `azure-cosmos` from 4.14.6 to 4.15.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/Azure/azure-sdk-for-python/releases">azure-cosmos's
releases</a>.</em></p>
<blockquote>
<h2>azure-cosmos_4.15.0</h2>
<h3>4.15.0 (2026-02-19)</h3>
<h4>Features Added</h4>
<ul>
<li>GA support of Per Partition Automatic Failover and
AvailabilityStrategy features.</li>
</ul>
<h4>Bugs Fixed</h4>
<ul>
<li>Fixed bug where sdk was encountering a timeout issue caused by
infinite recursion during the 410 (Gone) error. See <a
href="https://redirect.github.com/Azure/azure-sdk-for-python/pull/44770">PR
44770</a></li>
<li>Fixed crash in sync and async clients when
<code>force_refresh_on_startup</code> was set to <code>None</code>,
which could surface as <code>AttributeError: 'NoneType' object has no
attribute '_WritableLocations'</code> during region discovery when
<code>database_account</code> was <code>None</code>. See <a
href="https://redirect.github.com/Azure/azure-sdk-for-python/pull/44987">PR
44987</a></li>
<li>Fixed bug where unavailable regional endpoints were dropped from the
routing list instead of being kept as fallback options. See <a
href="https://redirect.github.com/Azure/azure-sdk-for-python/pull/45200">PR
45200</a></li>
</ul>
<h4>Other Changes</h4>
<ul>
<li>Added tests for multi-language support for full text search. See <a
href="https://redirect.github.com/Azure/azure-sdk-for-python/pull/44254">PR
44254</a></li>
<li>Renamed <code>availability_strategy_config</code> introduced in
4.15.0b1 to <code>availability_strategy</code> for both sync and async
clients. See <a
href="https://redirect.github.com/Azure/azure-sdk-for-python/pull/45086">PR
45086</a>.</li>
<li>Request-level <code>availability_strategy</code> needs to be set to
<code>False</code> in order to disable availability strategy for that
request, as opposed to setting it to <code>None</code>. See <a
href="https://redirect.github.com/Azure/azure-sdk-for-python/pull/45141">PR
45141</a>.</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/Azure/azure-sdk-for-python/commit/54c81b9f4a848e009957f7dcaa438e85ae150d6e"><code>54c81b9</code></a>
[Groundedness] Check for intermediate (<a
href="https://redirect.github.com/Azure/azure-sdk-for-python/issues/45305">#45305</a>)</li>
<li><a
href="https://github.com/Azure/azure-sdk-for-python/commit/145e110e0ea489ff2e7f9ba79a60875f4fb43bee"><code>145e110</code></a>
[WIP] Revert changes to archetype-python-release.yml regarding py2docfx
(<a
href="https://redirect.github.com/Azure/azure-sdk-for-python/issues/45295">#45295</a>)</li>
<li><a
href="https://github.com/Azure/azure-sdk-for-python/commit/9d848cfc9715c32c79988c175c81a0ae3e609d21"><code>9d848cf</code></a>
recording (<a
href="https://redirect.github.com/Azure/azure-sdk-for-python/issues/45291">#45291</a>)</li>
<li><a
href="https://github.com/Azure/azure-sdk-for-python/commit/c62f73f8592aadef1ff8dc263229c386c09392e6"><code>c62f73f</code></a>
Updates to package README.md (<a
href="https://redirect.github.com/Azure/azure-sdk-for-python/issues/45289">#45289</a>)</li>
<li><a
href="https://github.com/Azure/azure-sdk-for-python/commit/c0fade1279acbe75c9461cb63617f150139607ef"><code>c0fade1</code></a>
Fix beta subclient, such that all its members shows up in API ref-docs.
Also ...</li>
<li><a
href="https://github.com/Azure/azure-sdk-for-python/commit/3682bda128113aa1c55822c74b1a2a8c290809e8"><code>3682bda</code></a>
Sample test recording along with new LLM instruction (<a
href="https://redirect.github.com/Azure/azure-sdk-for-python/issues/45274">#45274</a>)</li>
<li><a
href="https://github.com/Azure/azure-sdk-for-python/commit/ef0ab33c8c20dc1ac8b376a36f45623ebd232078"><code>ef0ab33</code></a>
Change depends to import_all in cosmos emulator ChecksOverride (<a
href="https://redirect.github.com/Azure/azure-sdk-for-python/issues/45284">#45284</a>)</li>
<li><a
href="https://github.com/Azure/azure-sdk-for-python/commit/3479c7355cd431ee3c4328de2e97089143e560cb"><code>3479c73</code></a>
[VoiceLive] Relocate azure-ai-voicelive to its own service directory (<a
href="https://redirect.github.com/Azure/azure-sdk-for-python/issues/45254">#45254</a>)</li>
<li><a
href="https://github.com/Azure/azure-sdk-for-python/commit/fc6c21ae17e951b57afea897ebac677cbf6f6981"><code>fc6c21a</code></a>
Redact credential token in default client logs controlled by env
variable AZU...</li>
<li><a
href="https://github.com/Azure/azure-sdk-for-python/commit/6829ccb0349f483914e429152b9568489772c9e8"><code>6829ccb</code></a>
Fix apistub token path (<a
href="https://redirect.github.com/Azure/azure-sdk-for-python/issues/45271">#45271</a>)</li>
<li>Additional commits viewable in <a
href="https://github.com/Azure/azure-sdk-for-python/compare/azure-cosmos_4.14.6...azure-cosmos_4.15.0">compare
view</a></li>
</ul>
</details>
<br />
Updates `google-genai` from 1.63.0 to 1.64.0
<details>
<summary>Release notes</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/python-genai/releases">google-genai's
releases</a>.</em></p>
<blockquote>
<h2>v1.64.0</h2>
<h2><a
href="https://github.com/googleapis/python-genai/compare/v1.63.0...v1.64.0">1.64.0</a>
(2026-02-18)</h2>
<h3>Features</h3>
<ul>
<li>Add UnifiedMetric support to Vertex Tuning evaluation config (<a
href="https://github.com/googleapis/python-genai/commit/9a9908a9605756a94404359187cad09b21c094e0">9a9908a</a>)</li>
<li>Support multimodal embedding for Gemini Embedding 2.0 and support
MaaS models in Models.embed_content() (Vertex AI API) (<a
href="https://github.com/googleapis/python-genai/commit/af40cc629751b2d389eecb75741e9c3531cc8e6e">af40cc6</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Changelog</summary>
<p><em>Sourced from <a
href="https://github.com/googleapis/python-genai/blob/main/CHANGELOG.md">google-genai's
changelog</a>.</em></p>
<blockquote>
<h2><a
href="https://github.com/googleapis/python-genai/compare/v1.63.0...v1.64.0">1.64.0</a>
(2026-02-18)</h2>
<h3>Features</h3>
<ul>
<li>Add UnifiedMetric support to Vertex Tuning evaluation config (<a
href="https://github.com/googleapis/python-genai/commit/9a9908a9605756a94404359187cad09b21c094e0">9a9908a</a>)</li>
<li>Support multimodal embedding for Gemini Embedding 2.0 and support
MaaS models in Models.embed_content() (Vertex AI API) (<a
href="https://github.com/googleapis/python-genai/commit/af40cc629751b2d389eecb75741e9c3531cc8e6e">af40cc6</a>)</li>
</ul>
</blockquote>
</details>
<details>
<summary>Commits</summary>
<ul>
<li><a
href="https://github.com/googleapis/python-genai/commit/cff95b45b3eb6d201539f5b92901adc803ddad2a"><code>cff95b4</code></a>
chore(main): release 1.64.0 (<a
href="https://redirect.github.com/googleapis/python-genai/issues/2054">#2054</a>)</li>
<li><a
href="https://github.com/googleapis/python-genai/commit/3e8eef80288ae63cde7115877c64207845f16442"><code>3e8eef8</code></a>
chore: Make discriminator properties required in Interactions</li>
<li><a
href="https://github.com/googleapis/python-genai/commit/2ab5ea72ffb94c5ec26de8f9560321f372ff0651"><code>2ab5ea7</code></a>
chore: migrate to gcloud storage</li>
<li><a
href="https://github.com/googleapis/python-genai/commit/e55004c33781b27d38780ea705cbba6858246c4a"><code>e55004c</code></a>
chore: Add aiohttp as a required dependency.</li>
<li><a
href="https://github.com/googleapis/python-genai/commit/fafc3d80179d642a4adf4bce42e05a0045f8c1be"><code>fafc3d8</code></a>
chore: Add type assertions and ignore type overlap in genai
libraries</li>
<li><a
href="https://github.com/googleapis/python-genai/commit/af40cc629751b2d389eecb75741e9c3531cc8e6e"><code>af40cc6</code></a>
feat: Support multimodal embedding for Gemini Embedding 2.0 and support
MaaS ...</li>
<li><a
href="https://github.com/googleapis/python-genai/commit/9a9908a9605756a94404359187cad09b21c094e0"><code>9a9908a</code></a>
feat: Add UnifiedMetric support to Vertex Tuning evaluation config</li>
<li>See full diff in <a
href="https://github.com/googleapis/python-genai/compare/v1.63.0...v1.64.0">compare
view</a></li>
</ul>
</details>
<br />
Dependabot will resolve any conflicts with this PR as long as you don't
alter it yourself. You can also trigger a rebase manually by commenting
`@dependabot rebase`.
[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)
---
<details>
<summary>Dependabot commands and options</summary>
<br />
You can trigger Dependabot actions by commenting on this PR:
- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits
that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all
of the ignore conditions of the specified dependency
- `@dependabot ignore <dependency name> major version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's major version (unless you unignore this specific
dependency's major version or upgrade to it yourself)
- `@dependabot ignore <dependency name> minor version` will close this
group update PR and stop Dependabot creating any more for the specific
dependency's minor version (unless you unignore this specific
dependency's minor version or upgrade to it yourself)
- `@dependabot ignore <dependency name>` will close this group update PR
and stop Dependabot creating any more for the specific dependency
(unless you unignore this specific dependency or upgrade to it yourself)
- `@dependabot unignore <dependency name>` will remove all of the ignore
conditions of the specified dependency
- `@dependabot unignore <dependency name> <ignore condition>` will
remove the ignore condition of the specified dependency and ignore
conditions
</details>
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>1 parent 46047be commit 53c2bf0
2 files changed
+494
-20
lines changed| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
3 | 3 | | |
4 | 4 | | |
5 | 5 | | |
6 | | - | |
| 6 | + | |
7 | 7 | | |
8 | 8 | | |
9 | 9 | | |
10 | 10 | | |
11 | | - | |
| 11 | + | |
12 | 12 | | |
13 | 13 | | |
14 | 14 | | |
15 | 15 | | |
16 | | - | |
| 16 | + | |
17 | 17 | | |
18 | 18 | | |
19 | 19 | | |
20 | | - | |
| 20 | + | |
21 | 21 | | |
22 | 22 | | |
23 | 23 | | |
| |||
0 commit comments