chore(deps): bump the pip group across 1 directory with 3 updates

[dependabot]

Bumps the pip group with 3 updates in the / directory: prefect, langchain-core and pillow.

Updates prefect from 2.16.2 to 2.16.5

Release notes

Sourced from prefect's releases.

Release 2.16.5

Multi-select deletion of flow runs

It is now easier to bulk select and delete flow runs through the UI. Listings of filterable and selectable flow runs (e.g. on the flow runs, flow, and deployment pages) now include a top-level checkbox for (de)selecting all currently filtered flow runs for bulk deletion.

See the following pull request for implementation details:

• PrefectHQ/prefect#12356
• PrefectHQ/prefect-ui-library#2227
• PrefectHQ/prefect#12285

Visualize state changes and artifacts in the UI

Additionally, the flow run graph UI enhancements for visualizing state changes and artifacts added in 2.16.4 are now enabled by default. See the release notes in 2.16.4 for more details!

Full Changelog: PrefectHQ/prefect@2.16.4...2.16.5

---

See the release notes for more!

Release 2.16.4

Flow Run Graph updates

The Flow Run Graph has been updated to display additional layers of information! Interactive and real-time state changes and artifacts are now visible in context on the graph.

These new layers are available for opt-in usage via the PREFECT_EXPERIMENTAL_ENABLE_ARTIFACTS_ON_FLOW_RUN_GRAPH and PREFECT_EXPERIMENTAL_ENABLE_STATES_ON_FLOW_RUN_GRAPH settings.

Agents

A year ago, we released workers as a replacement for agents. Workers significantly enhance the experience of deploying flows and simplify the specification of each flow's infrastructure and runtime environment.

With this release we are adding a six month (September 14) deprecation warning to agents and related concepts. Please note that:

• Deprecation will not impact or break any work running with agents and agent-related concepts - although we encourage users to upgrade to workers because they provide a better deployment experience, you can continue to use existing agents and related concepts after deprecation
• After September 14, Prefect Cloud users will not be able to create new agent work pools or infrastructure blocks
• After September 14, new minor versions of the Prefect Python package will not include agents

Like agents, workers support creating deployments through the Prefect CLI and through Python, but require different syntax. For more information, please refer to the Upgrade from Agents to Workers guide.

Enhancements

• Give better client-side feedback on websocket authT/authZ issues - PrefectHQ/prefect#12221
• Allow table artifact cells to render markdown content - [#2190](https://github.com/PrefectHQ/prefect/issues/2190)
• Add an 'AzureBlobStorageContainer' block - [#139](https://github.com/PrefectHQ/prefect/issues/139)
• API for task run counts by state - PrefectHQ/prefect#12244
• Improved UI handling of custom flow run states. Badges for a state with a custom name will now more closely resemble their underlying state - PrefectHQ/prefect-ui-library#2210 and PrefectHQ/prefect-ui-library#2208

Fixes

• Fix support for legacy schedule in build_from_flow - PrefectHQ/prefect#12257

... (truncated)

Changelog

Sourced from prefect's changelog.

Release 2.16.5

Multi-select deletion of flow runs

It is now easier to bulk select and delete flow runs through the UI. Listings of filterable and selectable flow runs (e.g. on the flow runs, flow, and deployment pages) now include a top-level checkbox for (de)selecting all currently filtered flow runs for bulk deletion.

See the following pull request for implementation details:

• PrefectHQ/prefect#12356
• PrefectHQ/prefect-ui-library#2227
• PrefectHQ/prefect#12285

Visualize state changes and artifacts in the UI

Additionally, the flow run graph UI enhancements for visualizing state changes and artifacts added in 2.16.4 are now enabled by default. See the release notes in 2.16.14 for more details!

Enhancements

• Keep artifacts file in prefect-client — PrefectHQ/prefect#12316
• remove feature flagging around enhanced-deployment-experiment — PrefectHQ/prefect#12360
• Feature : #11773 UI: Add checkboxes for runs for an individual flow to allow multi-selection/-deletion — PrefectHQ/prefect#12285
• Add a capability to verify ssl certificates in Prefect CLI — PrefectHQ/prefect#11771
• Add prefect task-run command group to CLI — PrefectHQ/prefect#12307
• Correct emit background task state change events — PrefectHQ/prefect#12352
• Update CsrfTokenApi to retry failed requests due to invalid tokens — PrefectHQ/prefect#12373

Fixes

• Refactor logic to set task_key for background tasks — PrefectHQ/prefect#12337
• Correct a memory leak with the outbound task run websockets — PrefectHQ/prefect#12346
• Correctly type hint in flow run state change hooks — PrefectHQ/prefect#12231

Experimental

• Create CsrfToken model and utilities — PrefectHQ/prefect#12289
• Create csrf_token endpoint to generate tokens for clients — PrefectHQ/prefect#12297
• Integrate CsrfMiddleware into API server — PrefectHQ/prefect#12303
• Add CSRF support to client — PrefectHQ/prefect#12314
• Return 422 when CSRF is disabled and delete expired tokens — PrefectHQ/prefect#12342
• Add model_dump definition for Pydantic v2 compatibility layer — PrefectHQ/prefect#12345
• Add experimental model_json_schema definition for Pydantic V2 compatibility - PrefectHQ/prefect#12362
• Implement CSRF support in the UI — PrefectHQ/prefect#12354

Documentation

• Add upstream dependencies guide to docs — PrefectHQ/prefect#12351
• Update documentation on event and metric automation triggers — PrefectHQ/prefect#12366
• Add documentation on compound and sequence automation triggers — PrefectHQ/prefect#12374
• Add CSRF settings to common settings section in docs — PrefectHQ/prefect#12376

Uncategorized

• Pin BuildKit to 0.12.5 to fix issue with test image build — PrefectHQ/prefect#12343
• Backporting the Prefect Cloud composite trigger schemas — PrefectHQ/prefect#12378

Contributors

... (truncated)

Commits

• 6d0ad74 Add release notes for 2.16.5 (#12383)
• 6ef2190 Revert "Enhancement: Base client retry on 500 (#12084)" (#12385)
• 20612b5 CSRF is defaulting to False for now (#12386)
• 7193e1e Add experimental model_json_schema function for Pydantic V2 compatibility (...
• b2df34d Attempt to fix agent/work queue test CI flakes (#12375)
• 6e1886e Feature : #11773 UI: Add checkboxes for runs for an indivdual flow to allow m...
• c962546 Backporting the Prefect Cloud composite trigger schemas (#12378)
• 9e79cdc Add a line about appropriate settings for flow run graph layers. (#12380)
• c2416f0 add a capability to verify ssl certificate in Prefect CLI (#11771)
• 1ea9e0e Update @​prefecthq/prefect-ui-library to version 2.6.46 (#12379)
• Additional commits viewable in compare view

Updates langchain-core from 0.1.27 to 0.1.35

Commits

• See full diff in compare view

Updates pillow from 10.2.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package name for Tidelift #7810 [@​radarhere]
• Removed unused code #7744 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

• Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

• Determine MPO size from markers, not EXIF data #7884 [radarhere]

• Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

• Support FITS images with GZIP_1 compression #7894 [radarhere]

• Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

• Raise ValueError if kmeans is negative #7891 [radarhere]

• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

• Added reading of JPEG2000 palettes #7870 [radarhere]

• Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

• 5c89d88 10.3.0 version bump
• 63cbfcf Update CHANGES.rst [ci skip]
• 2776126 Merge pull request #7928 from python-pillow/lcms
• aeb51cb Merge branch 'main' into lcms
• 5beb0b6 Update CHANGES.rst [ci skip]
• cac6ffa Merge pull request #7927 from python-pillow/imagemath
• f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
• facf3af Added release notes
• 2a93aba Use strncpy to avoid buffer overflow
• a670597 Update CHANGES.rst [ci skip]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

[vercel]

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name	Status	Preview	Comments	Updated (UTC)
vortex	✅ Ready (Inspect)	Visit Preview	💬 Add feedback	Apr 3, 2024 4:42pm

[dependabot]

Superseded by #27.