Bump the pip-dependencies group with 4 updates

[dependabot]

Bumps the pip-dependencies group with 4 updates: flask, xarray, scipy and pyarrow.

Updates flask from 3.0.0 to 3.0.1

Release notes

Sourced from flask's releases.

3.0.1

This is a fix release for the 3.0.x feature release branch.

Fixes an issue where using other JSON providers, such as flask-orjson, previously caused loaded session data to have an incorrect format in some cases.

• Changes: https://flask.palletsprojects.com/en/3.0.x/changes/#version-3-0-1
• Milestone: https://github.com/pallets/flask/milestone/32?closed=1
• PyPI: https://pypi.org/project/Flask/3.0.1/

Changelog

Sourced from flask's changelog.

Version 3.0.1

Released 2024-01-18

• Correct type for path argument to send_file. :issue:5230
• Fix a typo in an error message for the flask run --key option. :pr:5344
• Session data is untagged without relying on the built-in json.loads object_hook. This allows other JSON providers that don't implement that. :issue:5381
• Address more type findings when using mypy strict mode. :pr:5383

Commits

• f622b1c release version 3.0.1
• 5fcc999 fix create release action
• da3a0dd fix slsa generator version
• 5e059be update actions versions
• bae6ee8 address mypy strict findings (#5383)
• 81b3c85 update requirements
• 08d3185 update pre-commit hooks
• 6000e80 address mypy strict findings
• 5a48a0f untag without object_hook (#5382)
• 700fc7d untag without object_hook
• Additional commits viewable in compare view

Updates xarray from 2023.12.0 to 2024.1.0

Release notes

Sourced from xarray's releases.

v2024.01.0

This release brings support for weights in correlation and covariance functions, a new DataArray.cumulative aggregation, improvements to xr.map_blocks, an update to our minimum dependencies, and various bugfixes.

Thanks to our 17 contributors to this release:

Abel Aoun, Deepak Cherian, Illviljan, Johan Mathe, Justus Magin, Kai Mühlbauer, Llorenç Lledó, Mark Harfouche, Markel, Mathias Hauser, Maximilian Roos, Michael Niklas, Niclas Rieger, Sébastien Celles, Tom Nicholas, Trinh Quoc Anh, and crusaderky.

Commits

• e91ee89 run CI on python=3.12 (#8605)
• 072f44c Release summary for release v2024.01.0 (#8617)
• d20ba0d Add support for netCDF4.EnumType (#8147)
• 33d51c8 Fix ruff config flagged by repo review (#8611)
• 1580c2c Clean up Dims type annotation (#8606)
• 53fdfca fix and test empty CFTimeIndex (#8600)
• 357a444 Support non-str Hashables in DataArray (#8559)
• 08c8f9a _infer_dtype: remove duplicated code (#8597)
• e4496fe small string fixes (#8598)
• b35f761 Deprecate squeeze in GroupBy. (#8507)
• Additional commits viewable in compare view

Updates scipy from 1.11.4 to 1.12.0

Release notes

Sourced from scipy's releases.

SciPy 1.12.0 Release Notes

SciPy 1.12.0 is the culmination of 6 months of hard work. It contains many new features, numerous bug-fixes, improved test coverage and better documentation. There have been a number of deprecations and API changes in this release, which are documented below. All users are encouraged to upgrade to this release, as there are a large number of bug-fixes and optimizations. Before upgrading, we recommend that users check that their own code does not use deprecated SciPy functionality (to do so, run your code with python -Wd and check for DeprecationWarning s). Our development attention will now shift to bug-fix releases on the 1.12.x branch, and on adding new features on the main branch.

This release requires Python 3.9+ and NumPy 1.22.4 or greater.

For running on PyPy, PyPy3 6.0+ is required.

Highlights of this release

• Experimental support for the array API standard has been added to part of scipy.special, and to all of scipy.fft and scipy.cluster. There are likely to be bugs and early feedback for usage with CuPy arrays, PyTorch tensors, and other array API compatible libraries is appreciated. Use the SCIPY_ARRAY_API environment variable for testing.
• A new class, ShortTimeFFT, provides a more versatile implementation of the short-time Fourier transform (STFT), its inverse (ISTFT) as well as the (cross-) spectrogram. It utilizes an improved algorithm for calculating the ISTFT.
• Several new constructors have been added for sparse arrays, and many operations now additionally support sparse arrays, further facilitating the migration from sparse matrices.
• A large portion of the scipy.stats API now has improved support for handling NaN values, masked arrays, and more fine-grained shape-handling. The accuracy and performance of a number of stats methods have been improved, and a number of new statistical tests and distributions have been added.

New features

scipy.cluster improvements

• Experimental support added for the array API standard; PyTorch tensors, CuPy arrays and array API compatible array libraries are now accepted (GPU support is limited to functions with pure Python implementations). CPU arrays which can be converted to and from NumPy are supported module-wide and returned arrays will match the input type. This behaviour is enabled by setting the SCIPY_ARRAY_API environment variable before importing scipy. This experimental support is still under development and likely to contain bugs - testing is very welcome.

... (truncated)

Commits

• 4edfcaa REL: SciPy 1.12.0 release commit [wheel build]
• e3cff26 Merge pull request #19922 from tylerjereddy/treddy_1_12_0_final_prep
• bf02582 DOC: PR 19922 revisions [wheel build]
• 41ed3d6 Revert "ENH: stats.wasserstein_distance: multivariate Wasserstein distance/EM...
• db2cb8c DOC: update 1.12.0 relnotes
• c76bedf BLD: ensure the name of the installed scipy package is lower-case
• aedbb2b DEP: reflect extended deprecations also in release notes (#19903)
• 0b4c8dc DEP: extend some announced deprecations due to out-of-band 1.13 release (#19892)
• 82dddc5 DOC: 1.12 release notes tweaks (#19877)
• e22a5ff REL: 1.12.0 final unreleased
• Additional commits viewable in compare view

Updates pyarrow from 14.0.2 to 15.0.0

Commits

• a61f4af MINOR: [Release] Update versions for 15.0.0
• 772747b MINOR: [Release] Update .deb/.rpm changelogs for 15.0.0
• 9a9ba9b MINOR: [Release] Update CHANGELOG.md for 15.0.0
• e93d1ee GH-39562: [C++][Parquet] Fix crash in test_parquet_dataset_lazy_filtering (#3...
• d82a5d0 GH-39598: [C#] Fix verification script (#39605)
• ead7735 GH-39604: [JS] Do not use resizable buffers yet (#39607)
• 0f862c9 GH-39624: [R][CI] Add CMake to docker file and update envvars (#39625)
• 209620f GH-39584: [R] fallback to source gracefully (#39587)
• 98e5525 GH-39601: [R] Don't download cmake when TEST_OFFLINE_BUILD=true (#39602)
• eb6076f GH-39588: [CI][Go] Add CGO_ENABLED=1 to cdata_integration build to fix macOS ...
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Package	Line Rate	Branch Rate	Health
unified_graphics	80%	68%	➖
unified_graphics.etl	97%	96%	✔
utils.s3	68%	69%	➖
Summary	84% (369 / 437)	81% (86 / 106)	✔

Minimum allowed line rate is 60%

[dependabot]

Looks like these dependencies are updatable in another way, so this is no longer needed.