Bump the pip group across 2 directories with 4 updates

[dependabot]

Bumps the pip group with 4 updates in the /scripts directory: setuptools, aiohttp, cryptography and nltk.
Bumps the pip group with 3 updates in the /sdk directory: setuptools, aiohttp and cryptography.

Updates setuptools from 69.5.1 to 70.0.0

Changelog

Sourced from setuptools's changelog.

v70.0.0

Features

• Emit a warning when [tools.setuptools] is present in pyproject.toml and will be ignored. -- by :user:SnoopJ (#4150)
• Improved AttributeError error message if pkg_resources.EntryPoint.require is called without extras or distribution Gracefully "do nothing" when trying to activate a pkg_resources.Distribution with a None location, rather than raising a TypeError -- by :user:Avasam (#4262)
• Typed the dynamically defined variables from pkg_resources -- by :user:Avasam (#4267)
• Modernized and refactored VCS handling in package_index. (#4332)

Bugfixes

• In install command, use super to call the superclass methods. Avoids race conditions when monkeypatching from _distutils_system_mod occurs late. (#4136)
• Fix finder template for lenient editable installs of implicit nested namespaces constructed by using package_dir to reorganise directory structure. (#4278)
• Fix an error with UnicodeDecodeError handling in pkg_resources when trying to read files in UTF-8 with a fallback -- by :user:Avasam (#4348)

Improved Documentation

• Uses RST substitution to put badges in 1 line. (#4312)

Deprecations and Removals

• Further adoption of UTF-8 in setuptools. This change regards mostly files produced and consumed during the build process (e.g. metadata files, script wrappers, automatically updated config files, etc..) Although precautions were taken to minimize disruptions, some edge cases might be subject to backwards incompatibility.

  Support for "locale" encoding is now deprecated. (#4309)

• Remove setuptools.convert_path after long deprecation period. This function was never defined by setuptools itself, but rather a side-effect of an import for internal usage. (#4322)

• Remove fallback for customisations of distutils' build.sub_command after long deprecated period. Users are advised to import build directly from setuptools.command.build. (#4322)

• Removed typing_extensions from vendored dependencies -- by :user:Avasam (#4324)

• Remove deprecated setuptools.dep_util. The provided alternative is setuptools.modified. (#4360)

... (truncated)

Commits

• 5cbf12a Workaround for release error in v70
• 9c1bcc3 Bump version: 69.5.1 → 70.0.0
• 4dc0c31 Remove deprecated setuptools.dep_util (#4360)
• 6c1ef57 Remove xfail now that test passes. Ref #4371.
• d14fa01 Add all site-packages dirs when creating simulated environment for test_edita...
• 6b7f7a1 Prevent bin folders to be taken as extern packages when vendoring (#4370)
• 69141f6 Add doctest for vendorised bin folder
• 2a53cc1 Prevent 'bin' folders to be taken as extern packages
• 7208628 Replace call to deprecated validate_pyproject command (#4363)
• 96d681a Remove call to deprecated validate_pyproject command
• Additional commits viewable in compare view

Updates aiohttp from 3.10.2 to 3.10.8

Release notes

Sourced from aiohttp's releases.

3.10.8

Bug fixes

• Fixed cancellation leaking upwards on timeout -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9326.

---

3.10.7

Bug fixes

• Fixed assembling the :class:~yarl.URL for web requests when the host contains a non-default port or IPv6 address -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9309.

Miscellaneous internal changes

• Improved performance of determining if a URL is absolute -- by :user:bdraco.

  The property :attr:~yarl.URL.absolute is more performant than the method URL.is_absolute() and preferred when newer versions of yarl are used.

  Related issues and pull requests on GitHub: #9171.

• Replaced code that can now be handled by yarl -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9301.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.8 (2024-09-28)

Bug fixes

• Fixed cancellation leaking upwards on timeout -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9326.

---

3.10.7 (2024-09-27)

Bug fixes

• Fixed assembling the :class:~yarl.URL for web requests when the host contains a non-default port or IPv6 address -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9309.

Miscellaneous internal changes

• Improved performance of determining if a URL is absolute -- by :user:bdraco.

  The property :attr:~yarl.URL.absolute is more performant than the method URL.is_absolute() and preferred when newer versions of yarl are used.

  Related issues and pull requests on GitHub: :issue:9171.

• Replaced code that can now be handled by yarl -- by :user:bdraco.

  Related issues and pull requests on GitHub:

... (truncated)

Commits

• 8a7ce94 Release 3.10.8 (#9330)
• a308f74 [PR #9326/fe26ae2 backport][3.10] Fix TimerContext not uncancelling the curre...
• 52e0b91 Fix custom cookies example (#9321) (#9324)
• 609c6e3 Increment version to 3.10.8.dev0
• f9a9e85 Release 3.10.7 (#9320)
• 8220ced [PR #9309/e4028333 backport][3.10] Fix building the URL in BaseRequest when t...
• d32d580 [PR #9301/c240b52 backport][3.10] Replace code that can now be handled by yar...
• fd5ece6 Bump yarl to 1.13.0 (#9302) (#9304)
• d6d2bcc [PR #9294/552dea53 backport][3.10] Backport type fix from #9226 (#9299)
• e6bcfbe [PR #9171/0462ae6b backport][3.10] Switch to using yarl.URL.absolute over `...
• Additional commits viewable in compare view

Updates cryptography from 43.0.0 to 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
.. _v43-0-0:

Commits

• a773387 bump for 43.0.1 (#11533)
• 0393fef Backport setuptools version ban (#11526)
• 6687bab Bump openssl from 0.10.65 to 0.10.66 in /src/rust (#11320) (#11324)
• See full diff in compare view

Updates nltk from 3.8.1 to 3.9

Changelog

Sourced from nltk's changelog.

Version 3.9.1 2024-08-19

• Fixed bug that prevented wordnet from loading

Version 3.9 2024-08-18

• Fix security vulnerability CVE-2024-39705 (breaking change)
• Replace pickled models (punkt, chunker, taggers) by new pickle-free "_tab" packages
• No longer sort Wordnet synsets and relations (sort in calling function when required)
• Only strip the last suffix in Wordnet Morphy, thus restricting synsets() results
• Add Python 3.12 support
• Many other minor fixes

Thanks to the following contributors to 3.8.2: Tom Aarsen, Cat Lee Ball, Veralara Bernhard, Carlos Brandt, Konstantin Chernyshev, Michael Higgins, Eric Kafe, Vivek Kalyan, David Lukes, Rob Malouf, purificant, Alex Rudnick, Liling Tan, Akihiro Yamazaki.

Version 3.8.1 2023-01-02

• Resolve RCE vulnerability in localhost WordNet Browser (#3100)
• Remove unused tool scripts (#3099)
• Resolve XSS vulnerability in localhost WordNet Browser (#3096)
• Add Python 3.11 support (#3090)

Thanks to the following contributors to 3.8.1: Francis Bond, John Vandenberg, Tom Aarsen

Version 3.8 2022-12-12

• Refactor dispersion plot (#3082)
• Provide type hints for LazyCorpusLoader variables (#3081)
• Throw warning when LanguageModel is initialized with incorrect vocabulary (#3080)
• Fix WordNet's all_synsets() function (#3078)
• Resolve TreebankWordDetokenizer inconsistency with end-of-string contractions (#3070)
• Support both iso639-3 codes and BCP-47 language tags (#3060)
• Avoid DeprecationWarning in Regexp tokenizer (#3055)
• Fix many doctests, add doctests to CI (#3054, #3050, #3048)
• Fix bool field not being read in VerbNet (#3044)
• Greatly improve time efficiency of SyllableTokenizer when tokenizing numbers (#3042)
• Fix encodings of Polish udhr corpus reader (#3038)
• Allow TweetTokenizer to tokenize emoji flag sequences (#3034)
• Prevent LazyModule from increasing the size of nltk.dict (#3033)
• Fix CoreNLPServer non-default port issue (#3031)
• Add "acion" suffix to the Spanish SnowballStemmer (#3030)
• Allow loading WordNet without OMW (#3026)
• Use input() in nltk.chat.chatbot() for Jupyter support (#3022)
• Fix edit_distance_align() in distance.py (#3017)
• Tackle performance and accuracy regression of sentence tokenizer since NLTK 3.6.6 (#3014)
• Add the Iota operator to semantic logic (#3010)
• Resolve critical errors in WordNet app (#3008)
• Resolve critical error in CHILDES Corpus (#2998)
• Make WordNet information_content() accept adjective satellites (#2995)

... (truncated)

Commits

• 24936a2 Bump version to 3.9
• c222897 Merge branch 'develop' of https://github.com/nltk/nltk into develop
• 34c3a4a Merge branch 'develop' of https://github.com/nltk/nltk into develop
• 253dd3a add black
• c43727f Update version
• 7137405 Merge pull request #3066 from asishm/bugfix-lambda-closure-leak
• 369cb9f Merge pull request #3245 from ekaf/hotfix-closuredup
• 501c70e Merge branch 'develop' into hotfix-closuredup
• bf05dc4 Merge pull request #3306 from ekaf/py3_compat
• 66539c7 Sorted output in unit/test_wordnet.py
• Additional commits viewable in compare view

Updates setuptools from 69.5.1 to 70.0.0

Changelog

Sourced from setuptools's changelog.

v70.0.0

Features

• Emit a warning when [tools.setuptools] is present in pyproject.toml and will be ignored. -- by :user:SnoopJ (#4150)
• Improved AttributeError error message if pkg_resources.EntryPoint.require is called without extras or distribution Gracefully "do nothing" when trying to activate a pkg_resources.Distribution with a None location, rather than raising a TypeError -- by :user:Avasam (#4262)
• Typed the dynamically defined variables from pkg_resources -- by :user:Avasam (#4267)
• Modernized and refactored VCS handling in package_index. (#4332)

Bugfixes

• In install command, use super to call the superclass methods. Avoids race conditions when monkeypatching from _distutils_system_mod occurs late. (#4136)
• Fix finder template for lenient editable installs of implicit nested namespaces constructed by using package_dir to reorganise directory structure. (#4278)
• Fix an error with UnicodeDecodeError handling in pkg_resources when trying to read files in UTF-8 with a fallback -- by :user:Avasam (#4348)

Improved Documentation

• Uses RST substitution to put badges in 1 line. (#4312)

Deprecations and Removals

• Further adoption of UTF-8 in setuptools. This change regards mostly files produced and consumed during the build process (e.g. metadata files, script wrappers, automatically updated config files, etc..) Although precautions were taken to minimize disruptions, some edge cases might be subject to backwards incompatibility.

  Support for "locale" encoding is now deprecated. (#4309)

• Remove setuptools.convert_path after long deprecation period. This function was never defined by setuptools itself, but rather a side-effect of an import for internal usage. (#4322)

• Remove fallback for customisations of distutils' build.sub_command after long deprecated period. Users are advised to import build directly from setuptools.command.build. (#4322)

• Removed typing_extensions from vendored dependencies -- by :user:Avasam (#4324)

• Remove deprecated setuptools.dep_util. The provided alternative is setuptools.modified. (#4360)

... (truncated)

Commits

• 5cbf12a Workaround for release error in v70
• 9c1bcc3 Bump version: 69.5.1 → 70.0.0
• 4dc0c31 Remove deprecated setuptools.dep_util (#4360)
• 6c1ef57 Remove xfail now that test passes. Ref #4371.
• d14fa01 Add all site-packages dirs when creating simulated environment for test_edita...
• 6b7f7a1 Prevent bin folders to be taken as extern packages when vendoring (#4370)
• 69141f6 Add doctest for vendorised bin folder
• 2a53cc1 Prevent 'bin' folders to be taken as extern packages
• 7208628 Replace call to deprecated validate_pyproject command (#4363)
• 96d681a Remove call to deprecated validate_pyproject command
• Additional commits viewable in compare view

Updates aiohttp from 3.10.5 to 3.10.8

Release notes

Sourced from aiohttp's releases.

3.10.8

Bug fixes

• Fixed cancellation leaking upwards on timeout -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9326.

---

3.10.7

Bug fixes

• Fixed assembling the :class:~yarl.URL for web requests when the host contains a non-default port or IPv6 address -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9309.

Miscellaneous internal changes

• Improved performance of determining if a URL is absolute -- by :user:bdraco.

  The property :attr:~yarl.URL.absolute is more performant than the method URL.is_absolute() and preferred when newer versions of yarl are used.

  Related issues and pull requests on GitHub: #9171.

• Replaced code that can now be handled by yarl -- by :user:bdraco.

  Related issues and pull requests on GitHub: #9301.

... (truncated)

Changelog

Sourced from aiohttp's changelog.

3.10.8 (2024-09-28)

Bug fixes

• Fixed cancellation leaking upwards on timeout -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9326.

---

3.10.7 (2024-09-27)

Bug fixes

• Fixed assembling the :class:~yarl.URL for web requests when the host contains a non-default port or IPv6 address -- by :user:bdraco.

  Related issues and pull requests on GitHub: :issue:9309.

Miscellaneous internal changes

• Improved performance of determining if a URL is absolute -- by :user:bdraco.

  The property :attr:~yarl.URL.absolute is more performant than the method URL.is_absolute() and preferred when newer versions of yarl are used.

  Related issues and pull requests on GitHub: :issue:9171.

• Replaced code that can now be handled by yarl -- by :user:bdraco.

  Related issues and pull requests on GitHub:

... (truncated)

Commits

• 8a7ce94 Release 3.10.8 (#9330)
• a308f74 [PR #9326/fe26ae2 backport][3.10] Fix TimerContext not uncancelling the curre...
• 52e0b91 Fix custom cookies example (#9321) (#9324)
• 609c6e3 Increment version to 3.10.8.dev0
• f9a9e85 Release 3.10.7 (#9320)
• 8220ced [PR #9309/e4028333 backport][3.10] Fix building the URL in BaseRequest when t...
• d32d580 [PR #9301/c240b52 backport][3.10] Replace code that can now be handled by yar...
• fd5ece6 Bump yarl to 1.13.0 (#9302) (#9304)
• d6d2bcc [PR #9294/552dea53 backport][3.10] Backport type fix from #9226 (#9299)
• e6bcfbe [PR #9171/0462ae6b backport][3.10] Switch to using yarl.URL.absolute over `...
• Additional commits viewable in compare view

Updates cryptography from 43.0.0 to 43.0.1

Changelog

Sourced from cryptography's changelog.

43.0.1 - 2024-09-03

* Updated Windows, macOS, and Linux wheels to be compiled with OpenSSL 3.3.2.
.. _v43-0-0:

Commits

• a773387 bump for 43.0.1 (#11533)
• 0393fef Backport setuptools version ban (#11526)
• 6687bab Bump openssl from 0.10.65 to 0.10.66 in /src/rust (#11320) (#11324)
• See full diff in compare view

You can trigger a rebase of this PR by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions
  You can disable automated security fix PRs for this repo from the Security Alerts page.

Note
Automatic rebases have been disabled on this pull request as it has been open for over 30 days.