github-starred/cs249r_book
2
0
Fork 0
mirror of https://github.com/harvard-edge/cs249r_book.git synced 2026-05-08 02:28:25 -05:00
Code Issues 85 Packages Projects Releases 24 Wiki Activity

[PR #1562] [MERGED] deps(book): update nltk requirement from >=3.8 to >=3.9.2 #8269

New Issue
Closed
opened 2026-04-27 17:37:56 -05:00 by GiteaMirror · 0 comments
GiteaMirror commented 2026-04-27 17:37:56 -05:00
Owner
Copy Link

📋 Pull Request Information

Original PR: https://github.com/harvard-edge/cs249r_book/pull/1562
Author: @dependabot[bot]
Created: 4/27/2026
Status: Merged
Merged: 4/27/2026
Merged by: @profvjreddi

Base: devHead: dependabot/pip/dev/nltk-gte-3.9.2

📝 Commits (1)

  • 75f76da deps(book): update nltk requirement from >=3.8 to >=3.9.2

📊 Changes

1 file changed (+1 additions, -1 deletions)

View changed files

📝 book/tools/dependencies/requirements.txt (+1 -1)

📄 Description

Updates the requirements on nltk to permit the latest version.

Changelog

Sourced from nltk's changelog.

Version 3.9.4 2026-03-24

  • Support Python 3.14
  • Fix bug in Levenshtein distance when substitution_cost > 2
  • Fix bug in Treebank detokeniser re quote ordering
  • Fix bug in Jaro similarity for empty strings
  • Several security enhancements
  • Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
  • Implement TextTiling vocabulary introduction method (Hearst 1997)
  • Fix ALINE feature matrix errors and add comprehensive tests
  • Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
  • Let downloader fallback to md5 when sha256 is unavailable
  • Several other minor bugfixes and code cleanups

Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,

Version 3.9.3 2026-02-21

  • Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (#3468)
  • Block path traversal/arbitrary reads in nltk.data for protocol-less refs (#3467)
  • Block path traversal/abs paths in corpus readers and FS pointers (#3479, #3480)
  • Validate external StanfordSegmenter JARs using SHA256 (#3477)
  • Add optional sandbox enforcement for filestring() (#3485)
  • Maintenance: downloader/zipped models, CI/tooling updates

Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith

Version 3.9.2 2025-10-01

  • Update download checksums to use SHA256 in built index
  • Fix percentage escape in new-style string formatting
  • replace shortened URLs using goo.gl
  • Make Wordnet interoperable with various taggers and tagged corpora
  • Fix saving PerceptronTagger
  • Document how to reproduce old Wordnet studies
  • properly initialize Portuguese corpus reader
  • support for mixed rules conversion into Chomsky Normal Form
  • only import tkinter if a GUI is needed
  • issue #2112 with Corenlp
  • new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL
  • Lesk defaults to most frequent sense in case of ties

Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion

Version 3.9.1 2024-08-19

... (truncated)

Commits
  • 4e17ea3 Updates for 3.9.2
  • 77ed66b Merge pull request #3425 from ekaf/ci-blank-data
  • 13d6791 Update .github/workflows/ci.yml
  • d2cf5d4 Ensure nltk_data path is in the environment
  • 4473fde Test CI with no data
  • 1f1614b Merge pull request #3349 from ShadokDuBas/fix/bug_ccg_logic_side_effect_on_le...
  • 7e9779e Merge pull request #3419 from ekaf/hotfix-3416
  • 83bd737 Merge pull request #3423 from purificant/_dependabot
  • e96cce0 Merge pull request #3422 from purificant/_pre_commit
  • bcf6ea6 Merge pull request #3421 from purificant/_py_versions
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.

## 📋 Pull Request Information **Original PR:** https://github.com/harvard-edge/cs249r_book/pull/1562 **Author:** [@dependabot[bot]](https://github.com/apps/dependabot) **Created:** 4/27/2026 **Status:** ✅ Merged **Merged:** 4/27/2026 **Merged by:** [@profvjreddi](https://github.com/profvjreddi) **Base:** `dev` ← **Head:** `dependabot/pip/dev/nltk-gte-3.9.2` --- ### 📝 Commits (1) - [`75f76da`](https://github.com/harvard-edge/cs249r_book/commit/75f76dac685858b930ea7f9321375d0858fe9a7e) deps(book): update nltk requirement from >=3.8 to >=3.9.2 ### 📊 Changes **1 file changed** (+1 additions, -1 deletions) <details> <summary>View changed files</summary> 📝 `book/tools/dependencies/requirements.txt` (+1 -1) </details> ### 📄 Description Updates the requirements on [nltk](https://github.com/nltk/nltk) to permit the latest version. <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/nltk/nltk/blob/develop/ChangeLog">nltk's changelog</a>.</em></p> <blockquote> <p>Version 3.9.4 2026-03-24</p> <ul> <li>Support Python 3.14</li> <li>Fix bug in Levenshtein distance when substitution_cost &gt; 2</li> <li>Fix bug in Treebank detokeniser re quote ordering</li> <li>Fix bug in Jaro similarity for empty strings</li> <li>Several security enhancements</li> <li>Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder</li> <li>Implement TextTiling vocabulary introduction method (Hearst 1997)</li> <li>Fix ALINE feature matrix errors and add comprehensive tests</li> <li>Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids</li> <li>Let downloader fallback to md5 when sha256 is unavailable</li> <li>Several other minor bugfixes and code cleanups</li> </ul> <p>Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,</p> <p>Version 3.9.3 2026-02-21</p> <ul> <li>Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (<a href="https://redirect.github.com/nltk/nltk/issues/3468">#3468</a>)</li> <li>Block path traversal/arbitrary reads in nltk.data for protocol-less refs (<a href="https://redirect.github.com/nltk/nltk/issues/3467">#3467</a>)</li> <li>Block path traversal/abs paths in corpus readers and FS pointers (<a href="https://redirect.github.com/nltk/nltk/issues/3479">#3479</a>, <a href="https://redirect.github.com/nltk/nltk/issues/3480">#3480</a>)</li> <li>Validate external StanfordSegmenter JARs using SHA256 (<a href="https://redirect.github.com/nltk/nltk/issues/3477">#3477</a>)</li> <li>Add optional sandbox enforcement for filestring() (<a href="https://redirect.github.com/nltk/nltk/issues/3485">#3485</a>)</li> <li>Maintenance: downloader/zipped models, CI/tooling updates</li> </ul> <p>Thanks to the following contributors to 3.9.3: Chris Clauss, Eric Kafe, HyperPS, purificant, Shivansh-Game, Christopher Smith</p> <p>Version 3.9.2 2025-10-01</p> <ul> <li>Update download checksums to use SHA256 in built index</li> <li>Fix percentage escape in new-style string formatting</li> <li>replace shortened URLs using goo.gl</li> <li>Make Wordnet interoperable with various taggers and tagged corpora</li> <li>Fix saving PerceptronTagger</li> <li>Document how to reproduce old Wordnet studies</li> <li>properly initialize Portuguese corpus reader</li> <li>support for mixed rules conversion into Chomsky Normal Form</li> <li>only import tkinter if a GUI is needed</li> <li>issue <a href="https://redirect.github.com/nltk/nltk/issues/2112">#2112</a> with Corenlp</li> <li>new environment variable NLTK_DOWNLOADER_FORCE_INTERACTIVE_SHELL</li> <li>Lesk defaults to most frequent sense in case of ties</li> </ul> <p>Thanks to the following contributors to 3.9.2: Jose Cols, Peter de Blanc, GeneralPoxter, Eric Kafe, William LaCroix, Jason Liu, Samer Masterson, Mike014, purificant, Andrew Ernest Ritz, samertm, Ikram Ul Haq, Christopher Smith, Ryan Mannion</p> <p>Version 3.9.1 2024-08-19</p> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/nltk/nltk/commit/4e17ea390c526ec9cb9e5ef5eb3733ac118dbb8d"><code>4e17ea3</code></a> Updates for 3.9.2</li> <li><a href="https://github.com/nltk/nltk/commit/77ed66b20810aac7aacf0b58f4dd661a827c5b7f"><code>77ed66b</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3425">#3425</a> from ekaf/ci-blank-data</li> <li><a href="https://github.com/nltk/nltk/commit/13d6791c6890045421d7e85a1e092c9fd1c36c1d"><code>13d6791</code></a> Update .github/workflows/ci.yml</li> <li><a href="https://github.com/nltk/nltk/commit/d2cf5d4ea213ac995d8e080974fdfc13c3b38574"><code>d2cf5d4</code></a> Ensure nltk_data path is in the environment</li> <li><a href="https://github.com/nltk/nltk/commit/4473fde9ee1bbbea1bdd153459b4d616580011ee"><code>4473fde</code></a> Test CI with no data</li> <li><a href="https://github.com/nltk/nltk/commit/1f1614b8d8d920d365db01f0658097442a49d802"><code>1f1614b</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3349">#3349</a> from ShadokDuBas/fix/bug_ccg_logic_side_effect_on_le...</li> <li><a href="https://github.com/nltk/nltk/commit/7e9779e52cd437062821f3533b72329a0be9a9c4"><code>7e9779e</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3419">#3419</a> from ekaf/hotfix-3416</li> <li><a href="https://github.com/nltk/nltk/commit/83bd737a962b38d58dd972f814b0a72748b5f98c"><code>83bd737</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3423">#3423</a> from purificant/_dependabot</li> <li><a href="https://github.com/nltk/nltk/commit/e96cce089011ce08085499f84cca4c4331eb9506"><code>e96cce0</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3422">#3422</a> from purificant/_pre_commit</li> <li><a href="https://github.com/nltk/nltk/commit/bcf6ea6b8fcca81940439af354788c257468d59e"><code>bcf6ea6</code></a> Merge pull request <a href="https://redirect.github.com/nltk/nltk/issues/3421">#3421</a> from purificant/_py_versions</li> <li>Additional commits viewable in <a href="https://github.com/nltk/nltk/compare/3.8...3.9.2">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) </details> --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>
GiteaMirror added the pull-request label 2026-04-27 17:37:56 -05:00
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
Clear labels
area: book
area: collabs
area: kits
area: socratiq
area: tinytorch
area: tools
area: website
bug
dependencies
format: epub
format: pdf
link-health
link-rot
priority-high
pull-request
Mirrored from GitHub Pull Request
 staffml
type: bug
type: citation
type: code
type: errata
type: improvement
type: new
type: question
vault-sli
No Label pull-request
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
GiteaMirror ninjasurge
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: github-starred/cs249r_book#8269
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?