chore(deps): bump numpy from 1.26.4 to 2.2.1

[dependabot]

Bumps numpy from 1.26.4 to 2.2.1.

Release notes

Sourced from numpy's releases.

2.2.1 (DEC 21, 2024)

NumPy 2.2.1 Release Notes

NumPy 2.2.1 is a patch release following 2.2.0. It fixes bugs found after the 2.2.0 release and has several maintenance pins to work around upstream changes.

There was some breakage in downstream projects following the 2.2.0 release due to updates to NumPy typing. Because of problems due to MyPy defects, we recommend using basedpyright for type checking, it can be installed from PyPI. The Pylance extension for Visual Studio Code is also based on Pyright. Problems that persist when using basedpyright should be reported as issues on the NumPy github site.

This release supports Python 3.10-3.13.

Contributors

A total of 9 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Charles Harris
• Joren Hammudoglu
• Matti Picus
• Nathan Goldbaum
• Peter Hawkins
• Simon Altrogge
• Thomas A Caswell
• Warren Weckesser
• Yang Wang +

Pull requests merged

A total of 12 pull requests were merged for this release.

• #27935: MAINT: Prepare 2.2.x for further development
• #27950: TEST: cleanups
• #27958: BUG: fix use-after-free error in npy_hashtable.cpp (#27955)
• #27959: BLD: add missing include
• #27982: BUG:fix compile error libatomic link test to meson.build
• #27990: TYP: Fix falsely rejected value types in ndarray.__setitem__
• #27991: MAINT: Don't wrap #include <Python.h> with extern "C"
• #27993: BUG: Fix segfault in stringdtype lexsort
• #28006: MAINT: random: Tweak module code in mtrand.pyx to fix a Cython...
• #28007: BUG: Cython API was missing NPY_UINTP.
• #28021: CI: pin scipy-doctest to 1.5.1
• #28044: TYP: allow None in operand sequence of nditer

Checksums

... (truncated)

Changelog

Sourced from numpy's changelog.

This is a walkthrough of the NumPy 2.1.0 release on Linux, modified for building with GitHub Actions and cibuildwheels and uploading to the anaconda.org staging repository for NumPy <https://anaconda.org/multibuild-wheels-staging/numpy>_. The commands can be copied into the command line, but be sure to replace 2.1.0 by the correct version. This should be read together with the :ref:general release guide <prepare_release>.

Facility preparation

Before beginning to make a release, use the requirements/*_requirements.txt files to ensure that you have the needed software. Most software can be installed with pip, but some will require apt-get, dnf, or whatever your system uses for software. You will also need a GitHub personal access token (PAT) to push the documentation. There are a few ways to streamline things:

• Git can be set up to use a keyring to store your GitHub personal access token. Search online for the details.
• You can use the keyring app to store the PyPI password for twine. See the online twine documentation for details.

Prior to release

Add/drop Python versions

When adding or dropping Python versions, three files need to be edited:

• .github/workflows/wheels.yml # for github cibuildwheel
• tools/ci/cirrus_wheels.yml # for cibuildwheel aarch64/arm64 builds
• pyproject.toml # for classifier and minimum version check.

Make these changes in an ordinary PR against main and backport if necessary. Add [wheel build] at the end of the title line of the commit summary so that wheel builds will be run to test the changes. We currently release wheels for new Python versions after the first Python rc once manylinux and cibuildwheel support it. For Python 3.11 we were able to release within a week of the rc1 announcement.

Backport pull requests

Changes that have been marked for this release must be backported to the maintenance/2.1.x branch.

Update 2.1.0 milestones

... (truncated)

Commits

• 7469245 Merge pull request #28047 from charris/prepare-2.2.1
• acb051e REL: Prepare for the NumPy 2.2.1 release [wheel build]
• 28a091a Merge pull request #28044 from charris/backport-28039
• 723605b TST: Add test for allowing None in operand sequence passed to nditer
• 554739e TYP: allow None in operand sequence of nditer
• 31bc4c8 Merge pull request #28021 from charris/backport-28020
• 32f52a3 CI: pin scipy-doctest to 1.5.1 (#28020)
• 6219aeb Merge pull request #28007 from charris/backport-28005
• eb7071c Merge pull request #28006 from charris/backport-28003
• 4f82c32 BUG: Cython API was missing NPY_UINTP.
• Additional commits viewable in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
pip/numpy	2.2.1	🟢 7.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 95 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/werkzeug	>= 3.0.6	🟢 6.1	Details Check Score Reason Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Code-Review ⚠️ 0 Found 0/19 approved changesets -- score normalized to 0 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 Vulnerabilities 🟢 10 0 existing vulnerabilities detected License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Signed-Releases 🟢 10 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Packaging 🟢 10 packaging workflow detected Security-Policy 🟢 9 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/click	8.1.8	🟢 7.2	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 14 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 7 Found 14/20 approved changesets -- score normalized to 7 Binary-Artifacts 🟢 10 no binaries found in the repo Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Signed-Releases 🟢 10 5 out of the last 5 releases have a total of 5 signed artifacts. Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Security-Policy 🟢 9 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/jinja2	3.1.5	🟢 7	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Code-Review 🟢 4 Found 7/15 approved changesets -- score normalized to 4 Binary-Artifacts 🟢 10 no binaries found in the repo Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Pinned-Dependencies 🟢 5 dependency not pinned by hash detected -- score normalized to 5 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Packaging 🟢 10 packaging workflow detected Signed-Releases 🟢 10 3 out of the last 3 releases have a total of 3 signed artifacts. Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches Security-Policy 🟢 9 security policy file detected SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/numpy	2.2.1	🟢 7.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 95 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/prometheus-client	0.21.1	🟢 6.8	Details Check Score Reason Maintained 🟢 10 7 commit(s) and 6 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 9 security policy file detected Code-Review 🟢 8 Found 23/28 approved changesets -- score normalized to 8 Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Packaging ⚠️ -1 packaging workflow not detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing ⚠️ 0 project is not fuzzed License 🟢 10 license file detected Pinned-Dependencies ⚠️ 2 dependency not pinned by hash detected -- score normalized to 2 Signed-Releases ⚠️ -1 no releases found Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0
pip/numpy	2.2.1	🟢 7.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 13 out of 13 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 95 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) and 18 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected

Scanned Files

• Pipfile
• Pipfile.lock
• requirements.txt

[saidsef]

This is a breaking change, further tests required.

[saidsef]

/code pr

[saidsef]

🤖
No response is required as there are no issues or suggestions for the modified lines in the provided patches.

_{> grok-2-1212 [pr | 0]}

[saidsef]

/code pr

[saidsef]

🤖

Review of Pull Request

Patch 1/2: Bump numpy from 1.26.4 to 2.2.1

Summary:
The patch updates the numpy dependency from version 1.26.4 to 2.2.1 in the Pipfile and Pipfile.lock files.

Code Changes:

• Pipfile:

  @@ -6,7 +6,7 @@
   name = "pypi"
   [packages]
   flask = "==3.1.0"
   flask-wtf = "==1.2.2"
   -numpy = "==2.1.3"
   +numpy = "==2.2.1"
   prometheus-flask-exporter = "==0.23.1"
   scikit-learn = "==1.6.0"
   werkzeug = ">=3.0.3"

• Pipfile.lock:
  The changes involve updating the hashes and version of numpy in the lock file.

Issues:

• The patch appears to be correctly updating the dependencies.
• There are no obvious issues with the code changes.

Suggestions:

• None noted.

Patch 2/2: CI Workflow Trigger

Summary:
The second patch introduces changes to the CI workflow trigger.

Code Changes:

• ci workflow trigger changes: (Not provided in the snippet)

Issues:

• Not enough information is provided in the snippet to assess any issues with this patch.

Suggestions:

• Review the complete changes in the second patch to ensure they are correctly implemented and do not introduce any conflicts or errors.

Conclusion:

The first patch is straightforward and correctly updates the numpy dependency. The second patch requires further review for its implementation details.

_{> llama-3.1-sonar-small-128k-chat [pr | 0]}

[saidsef-pr]

Application ml-classifier-a8bf964-204-pr-reviews has been created.

[saidsef-pr]

Application ml-classifier-a8bf964-204-pr-reviews is in state Running.
See more here: https://argocd.saidsef.co.uk/applications/ml-classifier-a8bf964-204-pr-reviews?operation=true

[saidsef-pr]

Application ml-classifier-a8bf964-204-pr-reviews is in state Succeeded.
See more here: https://argocd.saidsef.co.uk/applications/ml-classifier-a8bf964-204-pr-reviews?operation=true

[saidsef-pr]

Application ml-classifier-a8bf964-204-pr-reviews is now running new version of deployments manifests.
See more here: https://argocd.saidsef.co.uk/applications/ml-classifier-a8bf964-204-pr-reviews?operation=true

[saidsef-pr]

Application ml-classifier-a8bf964-204-pr-reviews has been deleted.

[saidsef]

A module that was compiled using NumPy 1.x cannot be run in
NumPy 2.2.1 as it may crash. To support both 1.x and 2.x
versions of NumPy, modules must be compiled with NumPy 2.0.
Some module may need to rebuild instead e.g. with 'pybind11>=2.12'.

[dependabot]

A newer version of numpy exists, but since this PR has been edited by someone other than Dependabot I haven't updated it. You'll get a PR for the updated version as normal once this PR is merged.

[saidsef]

/code pr

[saidsef]

🤖
Please reduce the length of the messages or completion.

_{> gemma2-9b-it [pr | 2]}

[saidsef]

/code pr

[saidsef]

🤖

PR Review

Summary

This PR updates the numpy dependency in the project from version 1.26.4 to 2.2.1, marking a major version change in Pipfile and further updates requirements.txt accordingly. It also includes additional updates to Pipfile.lock and modifies the version of werkzeug in Pipfile. CI workflow triggers have also been adjusted.

Detailed Review

1. Pipfile Changes

   • Modification in numpy: The version of numpy has been updated to 2.2.1, which aligns with the major update indicated by update-type: version-update:semver-major.

   • Modification in werkzeug: Updated from >=3.0.3 to >=3.0.6. Ensure compatibility with this version, especially considering the other dependencies that may depend on werkzeug.

2. Pipfile.lock Changes

   • The entire Pipfile.lock hash has changed, indicating a comprehensive update across several packages beyond just numpy. Ensure all updates here are compatible and necessary.

   • Click and Jinja2 Updates: Both these libraries have seen a minor version bump. Validate that these changes are non-breaking and align with any usage within the project.

   • Prometheus-client Update: Similarly updated to the latest minor version. Check for potential breaking changes, especially if your project is heavily integrated with Prometheus metrics collection.

3. requirements.txt Changes

   • Numpy Update: Consistent update to 2.2.1 is reflected here, matching the Pipfile.

4. General Suggestions

   • Testing & Validation: Given the major version bump in numpy, it's critical to run comprehensive tests to ensure that this update does not introduce regressions or incompatibilities.

   • Dependency Review: Verify if any other dependencies have undergone major updates that could potentially affect backward compatibility.

   • Documentation Update: Consider updating any documentation that might reference dependency versions to ensure it reflects the latest changes.

5. Additional Considerations

   • CI Workflow: The change in the .yml CI workflow indicates possible triggers or pipeline configurations adjustments. Review the CI settings to make sure they are aligned with the new changes and test the CI workflow thoroughly.

Conclusion

Overall, the updates appear to primarily focus on updating critical dependencies with an emphasis on staying current. Ensure thorough testing is performed, and consider reaching out to the updated dependency maintainers for any notes on breaking changes, specifically for numpy's major version update.

_{> microsoft/phi-4 [pr | 1]}