Bump the pytorch group across 1 directory with 5 updates

[dependabot]

Bumps the pytorch group with 5 updates in the /pytorch directory:

Package	From	To
numpy	2.1.3	2.2.1
psutil	6.1.0	6.1.1
intel-openmp	2025.0.2	2025.0.4
jupyterlab	4.3.1	4.3.4
notebook	7.3.0rc0	7.4.0a0

Updates numpy from 2.1.3 to 2.2.1

Release notes

Sourced from numpy's releases.

2.2.1 (DEC 21, 2024)

NumPy 2.2.1 Release Notes

NumPy 2.2.1 is a patch release following 2.2.0. It fixes bugs found after the 2.2.0 release and has several maintenance pins to work around upstream changes.

There was some breakage in downstream projects following the 2.2.0 release due to updates to NumPy typing. Because of problems due to MyPy defects, we recommend using basedpyright for type checking, it can be installed from PyPI. The Pylance extension for Visual Studio Code is also based on Pyright. Problems that persist when using basedpyright should be reported as issues on the NumPy github site.

This release supports Python 3.10-3.13.

Contributors

A total of 9 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• Charles Harris
• Joren Hammudoglu
• Matti Picus
• Nathan Goldbaum
• Peter Hawkins
• Simon Altrogge
• Thomas A Caswell
• Warren Weckesser
• Yang Wang +

Pull requests merged

A total of 12 pull requests were merged for this release.

• #27935: MAINT: Prepare 2.2.x for further development
• #27950: TEST: cleanups
• #27958: BUG: fix use-after-free error in npy_hashtable.cpp (#27955)
• #27959: BLD: add missing include
• #27982: BUG:fix compile error libatomic link test to meson.build
• #27990: TYP: Fix falsely rejected value types in ndarray.__setitem__
• #27991: MAINT: Don't wrap #include <Python.h> with extern "C"
• #27993: BUG: Fix segfault in stringdtype lexsort
• #28006: MAINT: random: Tweak module code in mtrand.pyx to fix a Cython...
• #28007: BUG: Cython API was missing NPY_UINTP.
• #28021: CI: pin scipy-doctest to 1.5.1
• #28044: TYP: allow None in operand sequence of nditer

Checksums

... (truncated)

Commits

• 7469245 Merge pull request #28047 from charris/prepare-2.2.1
• acb051e REL: Prepare for the NumPy 2.2.1 release [wheel build]
• 28a091a Merge pull request #28044 from charris/backport-28039
• 723605b TST: Add test for allowing None in operand sequence passed to nditer
• 554739e TYP: allow None in operand sequence of nditer
• 31bc4c8 Merge pull request #28021 from charris/backport-28020
• 32f52a3 CI: pin scipy-doctest to 1.5.1 (#28020)
• 6219aeb Merge pull request #28007 from charris/backport-28005
• eb7071c Merge pull request #28006 from charris/backport-28003
• 4f82c32 BUG: Cython API was missing NPY_UINTP.
• Additional commits viewable in compare view

Updates psutil from 6.1.0 to 6.1.1

Changelog

Sourced from psutil's changelog.

6.1.1

2024-12-19

Enhancements

• 2471_: use Vulture CLI tool to detect dead code.

Bug fixes

• 2418_, [Linux]: fix race condition in case /proc/PID/stat does not exist, but /proc/PID does, resulting in FileNotFoundError.
• 2470_, [Linux]: users()_ may return "localhost" instead of the actual IP address of the user logged in.

Commits

• 58552f6 Merge branch 'master' of github.com:giampaolo/psutil
• 4ba6ad0 ruff: enable PLR5501 (Use elif instead of else then if, to reduce inden...
• 1a63407 use a set literal when testing for membership
• 8162905 disable flafy test + pre-release
• 1f3458b try to fix some flaky tests 2
• c0e1eb1 try to fix some flaky tests 2
• 45934bb try to fix some flaky tests
• 560c524 chore: bump cibuildwheel to 2.22.0, move to macos-13 (#2479)
• b5ea67e fix winmake.py test-parallel
• 13a336b fix #2418 / Linux: fix race condition
• Additional commits viewable in compare view

Updates intel-openmp from 2025.0.2 to 2025.0.4

Updates jupyterlab from 4.3.1 to 4.3.4

Release notes

Sourced from jupyterlab's releases.

v4.3.4

4.3.4

(Full Changelog)

Bugs fixed

• Sync Settings Editor with Updated Settings #17091 (@​Darshan808)
• Focus terminal after copy and paste operations #17097 (@​krassowski)
• Fix background of the popup toolbar #17098 (@​krassowski)
• Fix consecutive invocations of inline completion #17082 (@​fcollonval)
• Fix contrast for unselected search matches in Dark High Contrast theme #17065 (@​krassowski)

Maintenance and upkeep improvements

• Workaround the Chromium bug with navigator.language #17094 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​bollwyvl | @​Darshan808 | @​davidbrochart | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine

v4.3.3

4.3.3

(Full Changelog)

Bugs fixed

• Use AsyncHTTPTransport over HTTPTransport for httpx #17058 (@​krassowski)
• Fix filebrowser name order #17038 (@​Nriver)
• Remove unused CSS #16968 (@​mgeier)
• Improve drag image styling #16936 (@​JasonWeill)
• Fix newline handling in stream outputs #17043 (@​davidbrochart)
• Reset resizeData after column adjustment to allow file dragging #17047 (@​Darshan808)
• Abort saving if a file cannot be saved #16900 (@​JasonWeill)

Maintenance and upkeep improvements

• Bump nanoid from 3.3.6 to to 3.3.8 #17057 (@​krassowski)
• Restore bottom httpx version window #17041 (@​bollwyvl)

Contributors to this release

(GitHub contributors page for this release)

... (truncated)

Changelog

Sourced from jupyterlab's changelog.

4.3.4

(Full Changelog)

Bugs fixed

• Sync Settings Editor with Updated Settings #17091 (@​Darshan808)
• Focus terminal after copy and paste operations #17097 (@​krassowski)
• Fix background of the popup toolbar #17098 (@​krassowski)
• Fix consecutive invocations of inline completion #17082 (@​fcollonval)
• Fix contrast for unselected search matches in Dark High Contrast theme #17065 (@​krassowski)

Maintenance and upkeep improvements

• Workaround the Chromium bug with navigator.language #17094 (@​krassowski)

Contributors to this release

(GitHub contributors page for this release)

@​bollwyvl | @​Darshan808 | @​davidbrochart | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine

4.3.3

(Full Changelog)

Bugs fixed

• Use AsyncHTTPTransport over HTTPTransport for httpx #17058 (@​krassowski)
• Fix filebrowser name order #17038 (@​Nriver)
• Remove unused CSS #16968 (@​mgeier)
• Improve drag image styling #16936 (@​JasonWeill)
• Fix newline handling in stream outputs #17043 (@​davidbrochart)
• Reset resizeData after column adjustment to allow file dragging #17047 (@​Darshan808)
• Abort saving if a file cannot be saved #16900 (@​JasonWeill)

Maintenance and upkeep improvements

• Bump nanoid from 3.3.6 to to 3.3.8 #17057 (@​krassowski)
• Restore bottom httpx version window #17041 (@​bollwyvl)

Contributors to this release

(GitHub contributors page for this release)

@​JasonWeill | @​jtpio | @​jupyterlab-probot | @​krassowski | @​meeseeksmachine

4.3.2

... (truncated)

Commits

• ac04260 [ci skip] Publish 4.3.4
• 541b913 Backport PR #17091: Sync Settings Editor with Updated Settings (#17102)
• baa61e0 Backport PR #17097: Focus terminal after copy and paste operations (#17101)
• 3effdff Backport PR #17098: Fix background of the popup toolbar (#17099)
• 4952dee Backport PR #17094: Workaround the Chromium bug with navigator.language (#1...
• 6c4b037 Backport PR #17082: Fix continuous inline completion (#17093)
• ee8a17c Backport PR #17065: Fix contrast for unselected search matches in Dark High C...
• ea92c42 [ci skip] Publish 4.3.3
• 613396a Backport PR #17057: Bump nanoid from 3.3.6 to to 3.3.8 (#17061)
• 38d2123 Backport PR #17058: Use AsyncHTTPTransport over HTTPTransport for httpx...
• Additional commits viewable in compare view

Updates notebook from 7.3.0rc0 to 7.4.0a0

Release notes

Sourced from notebook's releases.

v7.4.0a0

7.4.0a0

(Full Changelog)

Maintenance and upkeep improvements

• Disable cron scheduling for now #7555 (@​jtpio)
• Update to JupyterLab v4.4.0a1 #7554 (@​jtpio)
• Update workflow improvements #7552 (@​jtpio)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio

v7.3.2

7.3.2

(Full Changelog)

Maintenance and upkeep improvements

• Fix update script #7550 (@​jtpio)
• Fix workflow to update the JupyterLab version #7548 (@​jtpio)
• Bump nanoid from 3.3.7 to 3.3.8 in /ui-tests #7547 (@​dependabot)
• Bump systeminformation from 5.21.8 to 5.23.14 in /ui-tests #7546 (@​dependabot)
• Workflow to update JupyterLab dependencies automatically #7281 (@​itsmevichu)
• Update to JupyterLab v4.3.4 #7551 (@​github-actions)

Documentation improvements

• Update chat links to Zulip. #7539 (@​ericsnekbytes)

Contributors to this release

(GitHub contributors page for this release)

@​Carreau | @​dependabot | @​ericsnekbytes | @​github-actions | @​itsmevichu | @​jtpio | @​krassowski

v7.3.1

7.3.1

(Full Changelog)

... (truncated)

Changelog

Sourced from notebook's changelog.

7.4.0a0

(Full Changelog)

Maintenance and upkeep improvements

• Disable cron scheduling for now #7555 (@​jtpio)
• Update to JupyterLab v4.4.0a1 #7554 (@​jtpio)
• Update workflow improvements #7552 (@​jtpio)

Contributors to this release

(GitHub contributors page for this release)

@​github-actions | @​jtpio

7.3.2

(Full Changelog)

Maintenance and upkeep improvements

• Fix update script #7550 (@​jtpio)
• Fix workflow to update the JupyterLab version #7548 (@​jtpio)
• Bump nanoid from 3.3.7 to 3.3.8 in /ui-tests #7547 (@​dependabot)
• Bump systeminformation from 5.21.8 to 5.23.14 in /ui-tests #7546 (@​dependabot)
• Workflow to update JupyterLab dependencies automatically #7281 (@​itsmevichu)
• Update to JupyterLab v4.3.4 #7551 (@​github-actions)

Documentation improvements

• Update chat links to Zulip. #7539 (@​ericsnekbytes)

Contributors to this release

(GitHub contributors page for this release)

@​Carreau | @​dependabot | @​ericsnekbytes | @​github-actions | @​itsmevichu | @​jtpio | @​krassowski

7.3.1

(Full Changelog)

Maintenance and upkeep improvements

• Adds jupyter-ui-toolkit packages in shared scope #7530 (@​brichet)

Contributors to this release

... (truncated)

Commits

• 9d6f6a2 Publish 7.4.0a0
• 12efbe6 Disable cron scheduling for now (#7555)
• bb8aa0f Update to JupyterLab v4.4.0a1 (#7554)
• edfa5e2 Update workflow improvements (#7552)
• 0d49b45 Publish 7.3.2
• 7959ba0 Update to JupyterLab v4.3.4 (#7551)
• 8760def Fix update script (#7550)
• abd1b8c Fix workflow to update the JupyterLab version (#7548)
• f11252b Bump nanoid from 3.3.7 to 3.3.8 in /ui-tests (#7547)
• 2bfae71 Bump systeminformation from 5.21.8 to 5.23.14 in /ui-tests (#7546)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

The following issues were found:

• ✅ 0 vulnerable package(s)
• ✅ 0 package(s) with incompatible licenses
• ✅ 0 package(s) with invalid SPDX license definitions
• ⚠️ 1 package(s) with unknown licenses.

See the Details below.

License Issues

pytorch/venv-requirements.txt

Package	Version	License	Issue Type
intel-openmp	2025.0.4	Null	Unknown License

OpenSSF Scorecard

Package	Version	Score	Details
pip/jupyterlab	4.3.4	🟢 5.6	Details Check Score Reason Code-Review 🟢 9 Found 24/25 approved changesets -- score normalized to 9 Maintained 🟢 10 30 commit(s) and 16 issue activity found in the last 90 days -- score normalized to 10 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected License 🟢 9 license file detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions CII-Best-Practices ⚠️ 2 badge detected: InProgress Binary-Artifacts 🟢 10 no binaries found in the repo Security-Policy 🟢 10 security policy file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 SAST 🟢 10 SAST tool is run on all commits Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(4.3.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration Vulnerabilities ⚠️ 0 19 existing vulnerabilities detected
pip/notebook	7.4.0a0	🟢 4.2	Details Check Score Reason Code-Review ⚠️ 2 Found 6/26 approved changesets -- score normalized to 2 Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Maintained 🟢 10 30 commit(s) and 9 issue activity found in the last 90 days -- score normalized to 10 Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions License 🟢 10 license file detected Fuzzing ⚠️ 0 project is not fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 Security-Policy 🟢 10 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Branch-Protection ⚠️ -1 internal error: error during GetBranch(7.2.x): error during branchesHandler.query: internal error: githubv4.Query: Resource not accessible by integration SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities ⚠️ 0 25 existing vulnerabilities detected
pip/numpy	2.2.1	🟢 7.9	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection 🟢 3 branch protection is not maximal on development and all release branches CI-Tests 🟢 10 12 out of 12 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 95 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) and 22 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 9 SAST tool detected but not run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 9 detected GitHub workflow tokens with excessive permissions Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/intel-openmp	2025.0.4	Unknown	Unknown
pip/psutil	6.1.1	🟢 5.6	Details Check Score Reason Maintained 🟢 10 30 commit(s) and 12 issue activity found in the last 90 days -- score normalized to 10 Security-Policy 🟢 10 security policy file detected Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Code-Review ⚠️ 0 Found 2/30 approved changesets -- score normalized to 0 Token-Permissions ⚠️ 0 detected GitHub workflow tokens with excessive permissions Binary-Artifacts 🟢 10 no binaries found in the repo CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0 License 🟢 10 license file detected Fuzzing 🟢 10 project is fuzzed Signed-Releases ⚠️ -1 no releases found Vulnerabilities 🟢 10 0 existing vulnerabilities detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0

Scanned Files

• pytorch/jupyter-requirements.txt
• pytorch/serving/torchserve-xpu-requirements.txt
• pytorch/venv-requirements.txt

[dependabot]

Superseded by #594.