• 9e9e840 2022.12.07
• b81bdb2 2022.09.24
• 939a28f 2022.09.14
• aca828a 2022.06.15.2
• de0eae1 Only use importlib.resources's new files() / Traversable API on Python ≥3.11 ...
• b8eb5e9 2022.06.15.1
• 47fb7ab Fix deprecation warning on Python 3.11 (#199)
• b0b48e0 fixes #198 -- update link in license
• 9d514b4 2022.06.15
• 4151e88 Add py.typed to MANIFEST.in to package in sdist (#196)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from joblib's changelog.

Release 1.2.0

• Fix a security issue where eval(pre_dispatch) could potentially run arbitrary code. Now only basic numerics are supported. joblib/joblib#1327

• Make sure that joblib works even when multiprocessing is not available, for instance with Pyodide joblib/joblib#1256

• Avoid unnecessary warnings when workers and main process delete the temporary memmap folder contents concurrently. joblib/joblib#1263

• Fix memory alignment bug for pickles containing numpy arrays. This is especially important when loading the pickle with mmap_mode != None as the resulting numpy.memmap object would not be able to correct the misalignment without performing a memory copy. This bug would cause invalid computation and segmentation faults with native code that would directly access the underlying data buffer of a numpy array, for instance C/C++/Cython code compiled with older GCC versions or some old OpenBLAS written in platform specific assembly. joblib/joblib#1254

• Vendor cloudpickle 2.2.0 which adds support for PyPy 3.8+.

• Vendor loky 3.3.0 which fixes several bugs including:

  • robustly forcibly terminating worker processes in case of a crash (joblib/joblib#1269);

  • avoiding leaking worker processes in case of nested loky parallel calls;

  • reliability spawn the correct number of reusable workers.

Release 1.1.1

• Fix a security issue where eval(pre_dispatch) could potentially run arbitrary code. Now only basic numerics are supported. joblib/joblib#1327

Release 1.1.0

• Fix byte order inconsistency issue during deserialization using joblib.load

... (truncated)

• 5991350 Release 1.2.0
• 3fa2188 MAINT cleanup numpy warnings related to np.matrix in tests (#1340)
• cea26ff CI test the future loky-3.3.0 branch (#1338)
• 8aca6f4 MAINT: remove pytest.warns(None) warnings in pytest 7 (#1264)
• 067ed4f XFAIL test_child_raises_parent_exits_cleanly with multiprocessing (#1339)
• ac4ebd5 MAINT add back pytest warnings plugin (#1337)
• a23427d Test child raises parent exits cleanly more reliable on macos (#1335)
• ac09691 [MAINT] various test updates (#1334)
• 4a314b1 Vendor loky 3.2.0 (#1333)
• bdf47e9 Make test_parallel_with_interactively_defined_functions_default_backend timeo...
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from ujson's releases.

5.4.0

Added

• Add support for arbitrary size integers (#548) @​JustAnotherArchivist

Fixed

• CVE-2022-31116:
  • Replace wchar_t string decoding implementation with a uint32_t-based one (#555) @​JustAnotherArchivist
  • Fix handling of surrogates on decoding (#550) @​JustAnotherArchivist
• CVE-2022-31117: Potential double free of buffer during string decoding @​JustAnotherArchivist
• Fix memory leak on encoding errors when the buffer was resized (#549) @​JustAnotherArchivist
• Integer parsing: always detect overflows (#544) @​NaN-git
• Fix handling of surrogates on encoding (#530) @​JustAnotherArchivist

5.3.0

Added

• Test Python 3.11 beta (#539) @​hugovk

Changed

• Benchmark refactor - argparse CLI (#533) @​Erotemic

Fixed

• Fix segmentation faults when errors occur while handling unserialisable objects (#531) @​JustAnotherArchivist
• Fix segmentation fault when an exception is raised while converting a dict key to a string (#526) @​JustAnotherArchivist
• Fix memory leak dumping on non-string dict keys (#521) @​JustAnotherArchivist
• Fix ref counting on repeated default function calls (#524) @​JustAnotherArchivist
• Remove redundant wheel dependency from pyproject.toml (#535) @​hugovk

5.2.0

Added

• Support parsing NaN, Infinity and -Infinity (#514) @​Erotemic
• Support dynamically linking against system double-conversion library (#508) @​musicinmybrain
• Add env var to control stripping debug info (#507) @​musicinmybrain
• Add JSONDecodeError (#498) @​JustAnotherArchivist

Fixed

• Fix buffer overflows (CVE-2021-45958) (#519) @​JustAnotherArchivist
• Upgrade Black to fix Click (#515) @​hugovk
• simplify exception handling on integer overflow (#510) @​RouquinBlanc
• Remove dead code that used to handle the separate int type in Python 2 (#509) @​JustAnotherArchivist
• Fix exceptions on encoding list or dict elements and non-overflow errors on int handling getting silenced (#505) @​JustAnotherArchivist

5.1.0

Changed

... (truncated)

• 9c20de0 Merge pull request from GHSA-fm67-cv37-96ff
• b21da40 Fix double free on string decoding if realloc fails
• 67ec071 Merge pull request #555 from JustAnotherArchivist/fix-decode-surrogates-2
• bc7bdff Replace wchar_t string decoding implementation with a uint32_t-based one
• cc70119 Merge pull request #548 from JustAnotherArchivist/arbitrary-ints
• 4b5cccc Merge pull request #553 from bwoodsend/pypy-ci
• abe26fc Merge pull request #551 from bwoodsend/bye-bye-travis
• 3efb5cc Delete old TravisCI workflow and references.
• 404de1a xfail test_decode_surrogate_characters() on Windows PyPy.
• f7e66dc Switch to musl docker base images.
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

Sourced from nltk's changelog.

Version 3.7 2022-02-09

• Improve and update the NLTK team page on nltk.org (#2855, #2941)
• Drop support for Python 3.6, support Python 3.10 (#2920)

Version 3.6.7 2021-12-28

• Resolve IndexError in sent_tokenize and word_tokenize (#2922)

Version 3.6.6 2021-12-21

• Refactor gensim.doctest to work for gensim 4.0.0 and up (#2914)
• Add Precision, Recall, F-measure, Confusion Matrix to Taggers (#2862)
• Added warnings if .zip files exist without any corresponding .csv files. (#2908)
• Fix FileNotFoundError when the download_dir is a non-existing nested folder (#2910)
• Rename omw to omw-1.4 (#2907)
• Resolve ReDoS opportunity by fixing incorrectly specified regex (#2906)
• Support OMW 1.4 (#2899)
• Deprecate Tree get and set node methods (#2900)
• Fix broken inaugural test case (#2903)
• Use Multilingual Wordnet Data from OMW with newer Wordnet versions (#2889)
• Keep NLTKs "tokenize" module working with pathlib (#2896)
• Make prettyprinter to be more readable (#2893)
• Update links to the nltk book (#2895)
• Add CITATION.cff to nltk (#2880)
• Resolve serious ReDoS in PunktSentenceTokenizer (#2869)
• Delete old CI config files (#2881)
• Improve Tokenize documentation + add TokenizerI as superclass for TweetTokenizer (#2878)
• Fix expected value for BLEU score doctest after changes from #2572
• Add multi Bleu functionality and tests (#2793)
• Deprecate 'return_str' parameter in NLTKWordTokenizer and TreebankWordTokenizer (#2883)
• Allow empty string in CFG's + more (#2888)
• Partition tree.py module into tree package + pickle fix (#2863)
• Fix several TreebankWordTokenizer and NLTKWordTokenizer bugs (#2877)
• Rewind Wordnet data file after each lookup (#2868)
• Correct init call for SyntaxCorpusReader subclasses (#2872)
• Documentation fixes (#2873)
• Fix levenstein distance for duplicated letters (#2849)
• Support alternative Wordnet versions (#2860)
• Remove hundreds of formatting warnings for nltk.org (#2859)
• Modernize nltk.org/howto pages (#2856)
• Fix Bleu Score smoothing function from taking log(0) (#2839)
• Update third party tools to newer versions and removing MaltParser fixed version (#2832)
• Fix TypeError: _pretty() takes 1 positional argument but 2 were given in sem/drt.py (#2854)
• Replace http with https in most URLs (#2852)

Thanks to the following contributors to 3.6.6 Adam Hawley, BatMrE, Danny Sepler, Eric Kafe, Gavish Poddar, Panagiotis Simakis, RnDevelover, Robby Horvath, Tom Aarsen, Yuta Nakamura, Mohaned Mashaly

... (truncated)

• 4862b09 updates for 3.6.6
• 6b60213 Refactor gensim.doctest to work for gensim 4.0.0 and up (#2914)
• 59aa3fb Fix decode error for bllip parser (#2897)
• a28d256 Add Precision, Recall, F-measure, Confusion Matrix to Taggers (#2862)
• 72d9885 Added warnings if .zip files exist without any corresponding .csv files. (#2908)
• dea7b44 Fix FileNotFoundError when the download_dir is a non-existing nested fold...
• abbe86b Undo #2909 due to unexpected test failure
• c075dab Allow commits with /nocache to not use the cache (#2909)
• d6d513d Renamed omw to omw-1.4 (#2907)
• 2a50a3e Resolve ReDoS opportunity by fixing incorrectly specified regex (#2906)
• Additional commits viewable in compare view

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
• @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
• @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
• @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
• @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.