Skip to content

Bump the python group across 1 directory with 3 updates#48

Open
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python-659727512b
Open

Bump the python group across 1 directory with 3 updates#48
dependabot[bot] wants to merge 1 commit intomainfrom
dependabot/uv/python-659727512b

Conversation

@dependabot
Copy link
Copy Markdown
Contributor

@dependabot dependabot bot commented on behalf of github Apr 1, 2026

Bumps the python group with 2 updates in the / directory: flask and torch.

Updates flask from 3.1.2 to 3.1.3

Release notes

Sourced from flask's releases.

3.1.3

This is the Flask 3.1.3 security fix release, which fixes a security issue but does not otherwise change behavior and should not result in breaking changes compared to the latest feature release.

PyPI: https://pypi.org/project/Flask/3.1.3/ Changes: https://flask.palletsprojects.com/page/changes/#version-3-1-3

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. GHSA-68rp-wp8r-4726
Changelog

Sourced from flask's changelog.

Version 3.1.3

Released 2026-02-18

  • The session is marked as accessed for operations that only access the keys but not the values, such as in and len. :ghsa:68rp-wp8r-4726
Commits
  • 22d9247 release version 3.1.3
  • 089cb86 Merge commit from fork
  • c17f379 request context tracks session access
  • 27be933 start version 3.1.3
  • 4e652d3 Abort if the instance folder cannot be created (#5903)
  • 3d03098 Abort if the instance folder cannot be created
  • 407eb76 document using gevent for async (#5900)
  • ac5664d document using gevent for async
  • 4f79d5b Increase required flit_core version to 3.11 (#5865)
  • fe3b215 Increase required flit_core version to 3.11
  • Additional commits viewable in compare view

Updates torch from 2.10.0 to 2.11.0

Release notes

Sourced from torch's releases.

PyTorch 2.11.0 Release Notes

Highlights

For more details about these highlighted features, you can look at the release blogpost. Below are the full release notes for this release.

Backwards Incompatible Changes

Release Engineering

... (truncated)

Commits
  • 70d99e9 [release only] Increase timeout for rocm libtorch and manywheel builds (#178006)
  • 3e05c5a [MPS] Properly handle conjugated tensors in bmm (#178010)
  • db741c7 [MPS] fix compiling of SDPA producing nan results (#178009)
  • 483b55d Update pytorch_sphinx_theme2 version to 0.4.6 (#177616)
  • 7f2cdeb [windows][smoke test] Add an option to install cuda if required cuda/cudnn on...
  • 76fd078 [release-only] Fix libtorch builds. Fix lint (#177299)
  • fa384de [Inductor][MPS] Fix half-precision type mismatches in Metal shader codegen (#...
  • 036b25f Let stable::from_blob accept a lambda as deleter (cherry-pick) (#176440)
  • 41f8e3e [CI] Stop using G3 runners (#177161)
  • e2fa295 [CD] Unpin cuda-bindings dependencies (#177159)
  • Additional commits viewable in compare view

Updates torchvision from 0.25.0 to 0.26.0

Release notes

Sourced from torchvision's releases.

TorchVision 0.26 Release

TorchVision 0.26 is out! It is compatible with torch 2.11. It's a small release that comes with the following changes:

Breaking changes and deprecations

The video decoding and encoding utilities of TorchVision, which have been deprecate for a long time, are now removed. This includes torchvision.io.video.*, read_video, write_video, the VideoReader class, etc. Users are encouraged to switch to TorchCodec, which is faster and more stable.

The rare torchvision utilities that were still relying on video decoding (like the video datasets) have been transparently migrated to TorchCodec.

Note: the image decoders and encoders are staying in TorchVision.

(#9341, #9421, #9370, #9366)

Improvements

[ops] Speed up masks_to_boxes on CPU and GPU (#9358) [ops] Improve runtime complexity of roi_align on MPS (#9100)

Various code quality improvements (#8760, #9364, #9317, #9359, #9334, #9286, #9327) Various documentation improvements (#9339, #9374, #9323, #9324, #8879, #9350)

Bug Fixes

[transforms] Fix edge case conversion from CXCYWH to XYXY for integer bounding boxes in F.convert_bounding_box_format (#9322) [transforms] Fix tv_tensors.wrap to preserve subclass types for BoundingBoxes and KeyPoints (#9332) [transforms] Fix incorrect normalization axis in v2.ElasticTransform (#9300) [ops] Fix masks_to_boxes for empty masks (#9357) [io] Fix CPU jpeg and png decoder/encoder error-path leak on malformed inputs (#9434)

Contributors

🎉 We're grateful for our community, which helps us improve Torchvision by submitting issues and PRs, and providing feedback and suggestions. The following persons have contributed patches for this release:

Adam J. Stewart, Andrey Talman, Jaebeom, MPSFuzz , Murat Raimbekov, Nicolas Hug, ribbon-otter , Roy Hvaara, Salman Chishti, Scott Todd, Zhitao Yu

Commits
  • 336d36e [Cherry-pick for 0.26] Fix CPU decode_jpeg error-path leak on malformed JPEGs...
  • 4fe736f [Cherry-pick for 0.26] Remove rest of video decoder APIs (#9421)
  • 31d3aa3 [Release 0.26] update test-infra refs and version (#9390)
  • 186879a [Release 0.26] remove CVCUDA stuff - not yet ready for release (#9389)
  • b29ac89 [Release 0.26] remove prototype (#9388)
  • 0f6d91d Vectorize masks_to_boxes for performance (#9358)
  • 326a11d ElasticTransform docs: fix issue#8879 (#9350)
  • 74d1285 Fix CXCYWH to XYXY conversion for integer bounding boxes (#9322)
  • 6940e19 add warning for CelebA bbox data (#9339)
  • 4b0a90c Update version to 0.26.0a0 (#9376)
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

@dependabot
Bump the python group across 1 directory with 3 updates
00b41d6 
Bumps the python group with 2 updates in the / directory: [flask](https://github.com/pallets/flask) and [torch](https://github.com/pytorch/pytorch).


Updates `flask` from 3.1.2 to 3.1.3
- [Release notes](https://github.com/pallets/flask/releases)
- [Changelog](https://github.com/pallets/flask/blob/main/CHANGES.rst)
- [Commits](pallets/flask@3.1.2...3.1.3)

Updates `torch` from 2.10.0 to 2.11.0
- [Release notes](https://github.com/pytorch/pytorch/releases)
- [Changelog](https://github.com/pytorch/pytorch/blob/main/RELEASE.md)
- [Commits](pytorch/pytorch@v2.10.0...v2.11.0)

Updates `torchvision` from 0.25.0 to 0.26.0
- [Release notes](https://github.com/pytorch/vision/releases)
- [Commits](pytorch/vision@v0.25.0...v0.26.0)

---
updated-dependencies:
- dependency-name: flask
  dependency-version: 3.1.3
  dependency-type: direct:production
  update-type: version-update:semver-patch
  dependency-group: python
- dependency-name: torch
  dependency-version: 2.11.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
- dependency-name: torchvision
  dependency-version: 0.26.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: python
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels Apr 1, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

dependencies Pull requests that update a dependency file python Pull requests that update python code

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

0 participants