Bump the dependabot group with 4 updates (#375)

dependabot[bot] · web-flow · commit 61332fa4d420 · 2025-04-28T06:37:28.000Z
Bumps the dependabot group with 4 updates: [setuptools](https://github.com/pypa/setuptools), [certifi](https://github.com/certifi/python-certifi), [pip](https://github.com/pypa/pip) and [importlib-metadata](https://github.com/python/importlib_metadata). Updates `setuptools` from 79.0.0 to 80.0.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/setuptools/blob/main/NEWS.rst">setuptools's changelog</a>.</em></p> <blockquote> <h1>v80.0.0</h1> <h2>Bugfixes</h2> <ul> <li>Update test to honor new behavior in importlib_metadata 8.7. (<a href="https://redirect.github.com/pypa/setuptools/issues/4961">#4961</a>)</li> </ul> <h2>Deprecations and Removals</h2> <ul> <li>Removed support for the easy_install command including the sandbox module. (<a href="https://redirect.github.com/pypa/setuptools/issues/2908">#2908</a>)</li> <li>Develop command no longer uses easy_install, but instead defers execution to pip (which then will re-invoke Setuptools via PEP 517 to build the editable wheel). Most of the options to develop are dropped. This is the final warning before the command is dropped completely in a few months. Use-cases relying on 'setup.py develop' should pin to older Setuptools version or migrate to modern build tooling. (<a href="https://redirect.github.com/pypa/setuptools/issues/4955">#4955</a>)</li> </ul> <h1>v79.0.1</h1> <h2>Bugfixes</h2> <ul> <li>Merge with pypa/distutils@24bd3179b including fix for <a href="https://redirect.github.com/pypa/distutils/issues/355">pypa/distutils#355</a>.</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/setuptools/commit/aeea79266d82f99dbe556126b90b64215a663a2c"><code>aeea792</code></a> Bump version: 79.0.1 → 80.0.0</li> <li><a href="https://github.com/pypa/setuptools/commit/2c874e78f4240963f74debcaadcccb97cb302ded"><code>2c874e7</code></a> Merge pull request <a href="https://redirect.github.com/pypa/setuptools/issues/4962">#4962</a> from pypa/bugfix/4961-validated-eps</li> <li><a href="https://github.com/pypa/setuptools/commit/82c588aedd8142e7615031358e2d2640213a351d"><code>82c588a</code></a> Update test to honor new behavior in importlib_metadata 8.7</li> <li><a href="https://github.com/pypa/setuptools/commit/ef4cd2960d75f2d49f40f5495347523be62d20e5"><code>ef4cd29</code></a> Merge pull request <a href="https://redirect.github.com/pypa/setuptools/issues/2908">#2908</a> from pypa/debt/remove-easy-install</li> <li><a href="https://github.com/pypa/setuptools/commit/85bbad4945d874a2444e4531c74c5074cdeca010"><code>85bbad4</code></a> Merge branch 'main' into debt/remove-easy-install</li> <li><a href="https://github.com/pypa/setuptools/commit/9653305c35a143b8d1bad2c190f918887dd1e6d5"><code>9653305</code></a> Merge pull request <a href="https://redirect.github.com/pypa/setuptools/issues/4955">#4955</a> from pypa/debt/develop-uses-pip</li> <li><a href="https://github.com/pypa/setuptools/commit/da119e7e996b00b6e26f79995bec55684a3fabbe"><code>da119e7</code></a> Set a due date 6 months in advance.</li> <li><a href="https://github.com/pypa/setuptools/commit/a7603da5d3c709f6f01c8df8031ba7a7ae7959a0"><code>a7603da</code></a> Rename news fragment to reference the pull request for better precise locality.</li> <li><a href="https://github.com/pypa/setuptools/commit/018a20cb130e9357f39c176b59c83738a09d7daa"><code>018a20c</code></a> Restore a few of the options to develop.</li> <li><a href="https://github.com/pypa/setuptools/commit/a5f02fe88d46e963bc470a60a9f8613d7f889d49"><code>a5f02fe</code></a> Remove another test relying on setup.py develop.</li> <li>Additional commits viewable in <a href="https://github.com/pypa/setuptools/compare/v79.0.0...v80.0.0">compare view</a></li> </ul> </details> <br /> Updates `certifi` from 2025.1.31 to 2025.4.26 <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/certifi/python-certifi/commit/275c9eb55733a464589c15fb4566fddd4598e5b2"><code>275c9eb</code></a> 2025.04.26 (<a href="https://redirect.github.com/certifi/python-certifi/issues/347">#347</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/37883310b51e56570919cdc2d44becc1c6940559"><code>3788331</code></a> Bump actions/setup-python from 5.4.0 to 5.5.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/346">#346</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/9d1f1b782000baedf57026de5b79e193bcb7ef7b"><code>9d1f1b7</code></a> Bump actions/download-artifact from 4.1.9 to 4.2.1 (<a href="https://redirect.github.com/certifi/python-certifi/issues/344">#344</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/96b97a5afe26bc1adef98cb0bfe68e34948a73b6"><code>96b97a5</code></a> Bump actions/upload-artifact from 4.6.1 to 4.6.2 (<a href="https://redirect.github.com/certifi/python-certifi/issues/343">#343</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/c054ed3ac3d3505efc929b71cfd87a257bbdb6b3"><code>c054ed3</code></a> Bump peter-evans/create-pull-request from 7.0.7 to 7.0.8 (<a href="https://redirect.github.com/certifi/python-certifi/issues/342">#342</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/44547fc77121b12bb276b44b3b2b49cfcbeac06f"><code>44547fc</code></a> Bump actions/download-artifact from 4.1.8 to 4.1.9 (<a href="https://redirect.github.com/certifi/python-certifi/issues/341">#341</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/5ea51247afecf1bf4ebfa8f2db3082e89a8bfaed"><code>5ea5124</code></a> Bump actions/upload-artifact from 4.6.0 to 4.6.1 (<a href="https://redirect.github.com/certifi/python-certifi/issues/340">#340</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/2f142b7ae0b2d13fee4ba4b9fbd73a9cd5069060"><code>2f142b7</code></a> Bump peter-evans/create-pull-request from 7.0.6 to 7.0.7 (<a href="https://redirect.github.com/certifi/python-certifi/issues/339">#339</a>)</li> <li><a href="https://github.com/certifi/python-certifi/commit/80d2ebdc77d2d005f408f789fe2fb1fe5f4e0265"><code>80d2ebd</code></a> Bump actions/setup-python from 5.3.0 to 5.4.0 (<a href="https://redirect.github.com/certifi/python-certifi/issues/337">#337</a>)</li> <li>See full diff in <a href="https://github.com/certifi/python-certifi/compare/2025.01.31...2025.04.26">compare view</a></li> </ul> </details> <br /> Updates `pip` from 25.0.1 to 25.1 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/pypa/pip/blob/main/NEWS.rst">pip's changelog</a>.</em></p> <blockquote> <h1>25.1 (2025-04-26)</h1> <h2>Deprecations and Removals</h2> <ul> <li>Drop support for Python 3.8. (<code>[#12989](pypa/pip#12989) &lt;https://github.com/pypa/pip/issues/12989&gt;</code>_)</li> <li>On python 3.14+, the <code>pkg_resources</code> metadata backend cannot be used anymore. (<code>[#13010](pypa/pip#13010) &lt;https://github.com/pypa/pip/issues/13010&gt;</code>_)</li> <li>Hide <code>--no-python-version-warning</code> from CLI help and documentation as it's useless since Python 2 support was removed. Despite being formerly slated for removal, the flag will remain as a no-op to avoid breakage. (<code>[#13303](pypa/pip#13303) &lt;https://github.com/pypa/pip/issues/13303&gt;</code>_)</li> <li>A warning is emitted when the deprecated <code>pkg_resources</code> library is used to inspect and discover installed packages. This warning should only be visible to users who set an undocumented environment variable to disable the default <code>importlib.metadata</code> backend. (<code>[#13318](pypa/pip#13318) &lt;https://github.com/pypa/pip/issues/13318&gt;</code>_)</li> <li>Deprecate the legacy <code>setup.py bdist_wheel</code> mechanism. To silence the warning, and future-proof their setup, users should enable <code>--use-pep517</code> or add a <code>pyproject.toml</code> file to the projects they control. (<code>[#13319](pypa/pip#13319) &lt;https://github.com/pypa/pip/issues/13319&gt;</code>_)</li> </ul> <h2>Features</h2> <ul> <li> <p>Suggest checking &quot;pip config debug&quot; in case of an InvalidProxyURL error. (<code>[#12649](pypa/pip#12649) &lt;https://github.com/pypa/pip/issues/12649&gt;</code>_)</p> </li> <li> <p>Using <code>--debug</code> also enables verbose logging. (<code>[#12710](pypa/pip#12710) &lt;https://github.com/pypa/pip/issues/12710&gt;</code>_)</p> </li> <li> <p>Display a transient progress bar during package installation. (<code>[#12712](pypa/pip#12712) &lt;https://github.com/pypa/pip/issues/12712&gt;</code>_)</p> </li> <li> <p>Minor performance improvement when installing packages with a large number of dependencies by increasing the requirement string cache size. (<code>[#12873](pypa/pip#12873) &lt;https://github.com/pypa/pip/issues/12873&gt;</code>_)</p> </li> <li> <p>Add a <code>--group</code> option which allows installation from :pep:<code>735</code> Dependency Groups. <code>--group</code> accepts arguments of the form <code>group</code> or <code>path:group</code>, where the default path is <code>pyproject.toml</code>, and installs the named Dependency Group from the provided <code>pyproject.toml</code> file. (<code>[#12963](pypa/pip#12963) &lt;https://github.com/pypa/pip/issues/12963&gt;</code>_)</p> </li> <li> <p>Add support to enable resuming incomplete downloads.</p> <p>Control the number of retry attempts using the <code>--resume-retries</code> flag. (<code>[#12991](pypa/pip#12991) &lt;https://github.com/pypa/pip/issues/12991&gt;</code>_)</p> </li> <li> <p>Use :pep:<code>753</code> &quot;Well-known Project URLs in Metadata&quot; normalization rules when identifying an equivalent project URL to replace a missing <code>Home-Page</code> field in <code>pip show</code>. (<code>[#13135](pypa/pip#13135) &lt;https://github.com/pypa/pip/issues/13135&gt;</code>_)</p> </li> <li> <p>Remove <code>experimental</code> warning from <code>pip index versions</code> command. (<code>[#13188](pypa/pip#13188) &lt;https://github.com/pypa/pip/issues/13188&gt;</code>_)</p> </li> <li> <p>Add a structured <code>--json</code> output to <code>pip index versions</code> (<code>[#13194](pypa/pip#13194) &lt;https://github.com/pypa/pip/issues/13194&gt;</code>_)</p> </li> <li> <p>Add a new, <em>experimental</em>, <code>pip lock</code> command, implementing :pep:<code>751</code>. (<code>[#13213](pypa/pip#13213) &lt;https://github.com/pypa/pip/issues/13213&gt;</code>_)</p> </li> <li> <p>Speed up resolution by first only considering the preference of candidates that must be required to complete the resolution. (<code>[#13253](pypa/pip#13253) &lt;https://github.com/pypa/pip/issues/13253&gt;</code>_)</p> </li> <li> <p>Improved heuristics for determining the order of dependency resolution. (<code>[#13273](pypa/pip#13273) &lt;https://github.com/pypa/pip/issues/13273&gt;</code>_)</p> </li> <li> <p>Provide hint, documentation, and link to the documentation when resolution too deep error occurs. (<code>[#13282](pypa/pip#13282) &lt;https://github.com/pypa/pip/issues/13282&gt;</code>_)</p> </li> <li> <p>Include traceback on failure to import <code>setuptools</code> when <code>setup.py</code> is being invoked directly. (<code>[#13290](pypa/pip#13290) &lt;https://github.com/pypa/pip/issues/13290&gt;</code>_)</p> </li> <li> <p>Support for :pep:<code>738</code> Android wheels. (<code>[#13299](pypa/pip#13299) &lt;https://github.com/pypa/pip/issues/13299&gt;</code>_)</p> </li> <li> <p>Display wheel build tag in <code>pip list</code> columns output if set. (<code>[#5210](pypa/pip#5210) &lt;https://github.com/pypa/pip/issues/5210&gt;</code>_)</p> </li> <li> <p>Build environment dependencies are no longer compiled to bytecode during</p> </li> </ul>  </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/pypa/pip/commit/daa7e5448312392c621bbaec4204d961c363e5f7"><code>daa7e54</code></a> Bump for release</li> <li><a href="https://github.com/pypa/pip/commit/06c3182a6ebb79ae95aa6ca42e43a9f750c9df57"><code>06c3182</code></a> Update AUTHORS.txt</li> <li><a href="https://github.com/pypa/pip/commit/b88324fe98b510fbc6ddd8951f006b1c8f0e7a3c"><code>b88324f</code></a> Add a news file for the pip lock command</li> <li><a href="https://github.com/pypa/pip/commit/38253a6002c23706153a0cb741b8caca290c9165"><code>38253a6</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13319">#13319</a> from sbidoul</li> <li><a href="https://github.com/pypa/pip/commit/2791a8b35a4e9e4ebacf18cc08be81f53998701d"><code>2791a8b</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/13344">#13344</a> from pypa/dependabot/pip/build-project/setuptools-7...</li> <li><a href="https://github.com/pypa/pip/commit/24f4600851bbb3d7f22aed0ba6b1e2dcc4973412"><code>24f4600</code></a> Remove LRU cache from methods [ruff rule cached-instance-method] (<a href="https://redirect.github.com/pypa/pip/issues/13306">#13306</a>)</li> <li><a href="https://github.com/pypa/pip/commit/d852ebd2868abc526189fc7172babca9b1d2b395"><code>d852ebd</code></a> Merge pull request <a href="https://redirect.github.com/pypa/pip/issues/12308">#12308</a></li> <li><a href="https://github.com/pypa/pip/commit/d35c08df09cebe2f4887b0a31bb1127e730d8ead"><code>d35c08d</code></a> Clarify what the removal of the pkg_ressources backend implies</li> <li><a href="https://github.com/pypa/pip/commit/e8794224f513a2b964d5f969026f283dc9a23003"><code>e879422</code></a> Rename find_linked to find_legacy_editables</li> <li><a href="https://github.com/pypa/pip/commit/4a765606f9c1d39059e429cd5394c246045fb34a"><code>4a76560</code></a> Fix uninstallation of zipped eggs</li> <li>Additional commits viewable in <a href="https://github.com/pypa/pip/compare/25.0.1...25.1">compare view</a></li> </ul> </details> <br /> Updates `importlib-metadata` from 8.6.1 to 8.7.0 <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python/importlib_metadata/blob/main/NEWS.rst">importlib-metadata's changelog</a>.</em></p> <blockquote> <h1>v8.7.0</h1> <h2>Features</h2> <ul> <li><code>.metadata()</code> (and <code>Distribution.metadata</code>) can now return <code>None</code> if the metadata directory exists but not metadata file is present. (<a href="https://redirect.github.com/python/importlib_metadata/issues/493">#493</a>)</li> </ul> <h2>Bugfixes</h2> <ul> <li>Raise consistent ValueError for invalid EntryPoint.value (<a href="https://redirect.github.com/python/importlib_metadata/issues/518">#518</a>)</li> </ul> </blockquote> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python/importlib_metadata/commit/708dff4f1ab89bdd126e3e8c56098d04282c5809"><code>708dff4</code></a> Finalize</li> <li><a href="https://github.com/python/importlib_metadata/commit/b3065f03cc3395f46ed575e612e213f92a064879"><code>b3065f0</code></a> Merge pull request <a href="https://redirect.github.com/python/importlib_metadata/issues/519">#519</a> from python/bugfix/493-metadata-missing</li> <li><a href="https://github.com/python/importlib_metadata/commit/e4351c226765f53a40316fa6aab50488aee8a90f"><code>e4351c2</code></a> Add a new test capturing the new expectation.</li> <li><a href="https://github.com/python/importlib_metadata/commit/5a657051f7386de6f0560c200d78e941be2c8058"><code>5a65705</code></a> Refactor the casting into a wrapper for brevity and to document its purpose.</li> <li><a href="https://github.com/python/importlib_metadata/commit/0830c39b8a23e48024365120c0e97a6f7c36c5ec"><code>0830c39</code></a> Add news fragment.</li> <li><a href="https://github.com/python/importlib_metadata/commit/22bb567692d8e7bd216f864a9d8dee1272ee8674"><code>22bb567</code></a> Fix type errors where metadata could be None.</li> <li><a href="https://github.com/python/importlib_metadata/commit/57f31d77e18fef11dfadfd44775f253971c36920"><code>57f31d7</code></a> Allow metadata to return None when there is no metadata present.</li> <li><a href="https://github.com/python/importlib_metadata/commit/b9c4be4253250ad604610db66204e5fa70fa2455"><code>b9c4be4</code></a> Merge pull request <a href="https://redirect.github.com/python/importlib_metadata/issues/518">#518</a> from python/bugfix/488-bad-ep-value</li> <li><a href="https://github.com/python/importlib_metadata/commit/9f8af013635833cf3ac348413c9ac63b37caa3dd"><code>9f8af01</code></a> Prefer a cached property, as the property is likely to be retrieved at least ...</li> <li><a href="https://github.com/python/importlib_metadata/commit/f179e28888b2c6caf12baaf5449ff1cd82513dfe"><code>f179e28</code></a> Also raise ValueError on construction if the value is invalid.</li> <li>Additional commits viewable in <a href="https://github.com/python/importlib_metadata/compare/v8.6.1...v8.7.0">compare view</a></li> </ul> </details> <br /> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`. [//]: # (dependabot-automerge-start) [//]: # (dependabot-automerge-end) --- <details> <summary>Dependabot commands and options</summary> <br /> You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore <dependency name> major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore <dependency name> minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore <dependency name>` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore <dependency name>` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore <dependency name> <ignore condition>` will remove the ignore condition of the specified dependency and ignore conditions </details> Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
diff --git a/base-tooling-requirements.txt b/base-tooling-requirements.txt
@@ -1,12 +1,12 @@
 build==1.2.1     --hash=sha256:526263f4870c26f26c433545579475377b2b7588b6f1eac76a001e873ae3e19d     --hash=sha256:75e10f767a433d9a86e50d83f418e83efc18ede923ee5ff7df93b6cb0306c5d4
 click==8.1.5     --hash=sha256:4be4b1af8d665c6d942909916d31a213a106800c47d0eeba73d34da3cbc11367     --hash=sha256:e576aa487d679441d7d30abb87e1b43d24fc53bffb8758443b1a9e1cee504548
-importlib-metadata==8.6.1     --hash=sha256:02a89390c1e15fdfdc0d7c6b25cb3e62650d0494005c97d6f148bf5b9787525e     --hash=sha256:310b41d755445d74569f993ccfc22838295d9fe005425094fad953d7f15c8580
+importlib-metadata==8.7.0     --hash=sha256:d13b81ad223b890aa16c5471f2ac3056cf76c5f10f82d6f9292f0b415f389000     --hash=sha256:e5dd1551894c77868a30651cef00984d50e1002d06942a7101d34870c5f02afd
 packaging==25.0     --hash=sha256:29572ef2b1f17581046b3a2227d5c611fb25ec70ca1ba8554b24b0e69331a484     --hash=sha256:d443872c98d677bf60f6a1f2f8c1cb748e8fe762d2bf9d3148b5599295b0fc4f
 pip-tools==7.4.0     --hash=sha256:a92a6ddfa86ff389fe6ace381d463bc436e2c705bd71d52117c25af5ce867bb7     --hash=sha256:b67432fd0759ed834c5367f9e0ce8c95441acecfec9c8e24b41aca166757adf0
 pyproject-hooks==1.2.0     --hash=sha256:1e859bd5c40fae9448642dd871adf459e5e2084186e8d2c2a79a824c970da1f8     --hash=sha256:9e5c6bfa8dcc30091c74b0cf803c81fdd29d94f01992a7707bc97babb1141913
 tomli==2.2.1     --hash=sha256:023aa114dd824ade0100497eb2318602af309e5a55595f76b626d6d9f3b7b0a6     --hash=sha256:02abe224de6ae62c19f090f68da4e27b10af2b93213d36cf44e6e1c5abd19fdd     --hash=sha256:286f0ca2ffeeb5b9bd4fcc8d6c330534323ec51b2f52da063b11c502da16f30c     --hash=sha256:2d0f2fdd22b02c6d81637a3c95f8cd77f995846af7414c5c4b8d0545afa1bc4b     --hash=sha256:33580bccab0338d00994d7f16f4c4ec25b776af3ffaac1ed74e0b3fc95e885a8     --hash=sha256:400e720fe168c0f8521520190686ef8ef033fb19fc493da09779e592861b78c6     --hash=sha256:40741994320b232529c802f8bc86da4e1aa9f413db394617b9a256ae0f9a7f77     --hash=sha256:465af0e0875402f1d226519c9904f37254b3045fc5084697cefb9bdde1ff99ff     --hash=sha256:4a8f6e44de52d5e6c657c9fe83b562f5f4256d8ebbfe4ff922c495620a7f6cea     --hash=sha256:4e340144ad7ae1533cb897d406382b4b6fede8890a03738ff1683af800d54192     --hash=sha256:678e4fa69e4575eb77d103de3df8a895e1591b48e740211bd1067378c69e8249     --hash=sha256:6972ca9c9cc9f0acaa56a8ca1ff51e7af152a9f87fb64623e31d5c83700080ee     --hash=sha256:7fc04e92e1d624a4a63c76474610238576942d6b8950a2d7f908a340494e67e4     --hash=sha256:889f80ef92701b9dbb224e49ec87c645ce5df3fa2cc548664eb8a25e03127a98     --hash=sha256:8d57ca8095a641b8237d5b079147646153d22552f1c637fd3ba7f4b0b29167a8     --hash=sha256:8dd28b3e155b80f4d54beb40a441d366adcfe740969820caf156c019fb5c7ec4     --hash=sha256:9316dc65bed1684c9a98ee68759ceaed29d229e985297003e494aa825ebb0281     --hash=sha256:a198f10c4d1b1375d7687bc25294306e551bf1abfa4eace6650070a5c1ae2744     --hash=sha256:a38aa0308e754b0e3c67e344754dff64999ff9b513e691d0e786265c93583c69     --hash=sha256:a92ef1a44547e894e2a17d24e7557a5e85a9e1d0048b0b5e7541f76c5032cb13     --hash=sha256:ac065718db92ca818f8d6141b5f66369833d4a80a9d74435a268c52bdfa73140     --hash=sha256:b82ebccc8c8a36f2094e969560a1b836758481f3dc360ce9a3277c65f374285e     --hash=sha256:c954d2250168d28797dd4e3ac5cf812a406cd5a92674ee4c8f123c889786aa8e     --hash=sha256:cb55c73c5f4408779d0cf3eef9f762b9c9f147a77de7b258bef0a5628adc85cc     --hash=sha256:cd45e1dc79c835ce60f7404ec8119f2eb06d38b1deba146f07ced3bbc44505ff     --hash=sha256:d3f5614314d758649ab2ab3a62d4f2004c825922f9e370b29416484086b264ec     --hash=sha256:d920f33822747519673ee656a4b6ac33e382eca9d331c87770faa3eef562aeb2     --hash=sha256:db2b95f9de79181805df90bedc5a5ab4c165e6ec3fe99f970d0e302f384ad222     --hash=sha256:e59e304978767a54663af13c07b3d1af22ddee3bb2fb0618ca1593e4f593a106     --hash=sha256:e85e99945e688e32d5a35c1ff38ed0b3f41f43fad8df0bdf79f72b2ba7bc5272     --hash=sha256:ece47d672db52ac607a3d9599a9d48dcb2f2f735c6c2d1f34130085bb12b112a     --hash=sha256:f4039b9cbc3048b2416cc57ab3bda989a6fcf9b36cf8937f01a6e731b64f80d7
 typing-extensions==4.13.1     --hash=sha256:4b6cf02909eb5495cfbc3f6e8fd49217e6cc7944e145cdda8caa3734777f9e69     --hash=sha256:98795af00fb9640edec5b8e31fc647597b4691f099ad75f469a2616be1a76dff
 wheel==0.45.0     --hash=sha256:52f0baa5e6522155090a09c6bd95718cc46956d1b51d537ea5454249edb671c7     --hash=sha256:a57353941a3183b3d5365346b567a260a0602a0f8a635926a7dede41b94c674a
 zipp==3.21.0     --hash=sha256:2c9958f6430a2040341a52eb608ed6dd93ef4392e02ffe219417c1b28b5dd1f4     --hash=sha256:ac1bbe05fd2991f160ebce24ffbac5f6d11d83dc90891255885223d42b3cd931
-pip==25.0.1     --hash=sha256:88f96547ea48b940a3a385494e181e29fb8637898f88d88737c5049780f196ea     --hash=sha256:c46efd13b6aa8279f33f2864459c8ce587ea6a1a59ee20de055868d8f7688f7f
-setuptools==79.0.0     --hash=sha256:9828422e7541213b0aacb6e10bbf9dd8febeaa45a48570e09b6d100e063fc9f9     --hash=sha256:b9ab3a104bedb292323f53797b00864e10e434a3ab3906813a7169e4745b912a
+pip==25.1     --hash=sha256:13b4aa0aaad055020a11bec8a1c2a70a2b2d080e12d89b962266029fff0a16ba     --hash=sha256:272bdd1289f80165e9070a4f881e8f9e1001bbb50378561d1af20e49bf5a2200
+setuptools==80.0.0     --hash=sha256:a38f898dcd6e5380f4da4381a87ec90bd0a7eec23d204a5552e80ee3cab6bd27     --hash=sha256:c40a5b3729d58dd749c0f08f1a07d134fb8a0a3d7f87dc33e7c5e1f762138650
diff --git a/requirements.txt b/requirements.txt
@@ -15,9 +15,9 @@ astunparse==1.6.3 \
     --hash=sha256:5ad93a8456f0d084c3456d059fd9a92cce667963232cbf763eac3bc5b7940872 \
     --hash=sha256:c2652417f2c8b5bb325c885ae329bdf3f86424075c4fd1a128674bc6fba4b8e8
     # via tensorflow
-certifi==2025.1.31 \
-    --hash=sha256:3d5da6925056f6f18f119200434a4780a94263f10d1c21d032a6f6b2baa20651 \
-    --hash=sha256:ca78db4565a652026a4db2bcdf68f2fb589ea80d0be70e03929ed730746b84fe
+certifi==2025.4.26 \
+    --hash=sha256:0a816057ea3cdefcef70270d2c515e4506bbc954f417fa5ade2021213bb8f0c6 \
+    --hash=sha256:30350364dfe371162649852c63336a15c70c6510c2ad5015b21c2345311805f3
     # via requests
 cffi==1.17.1 \
     --hash=sha256:045d61c734659cc045141be4bae381a41d89b741f795af1dd018bfb532fd0df8 \
@@ -1378,13 +1378,13 @@ wrapt==1.17.2 \
     # via tensorflow
 
 # The following packages are considered to be unsafe in a requirements file:
-pip==25.0.1 \
-    --hash=sha256:88f96547ea48b940a3a385494e181e29fb8637898f88d88737c5049780f196ea \
-    --hash=sha256:c46efd13b6aa8279f33f2864459c8ce587ea6a1a59ee20de055868d8f7688f7f
+pip==25.1 \
+    --hash=sha256:13b4aa0aaad055020a11bec8a1c2a70a2b2d080e12d89b962266029fff0a16ba \
+    --hash=sha256:272bdd1289f80165e9070a4f881e8f9e1001bbb50378561d1af20e49bf5a2200
     # via scaaml (pyproject.toml)
-setuptools==79.0.0 \
-    --hash=sha256:9828422e7541213b0aacb6e10bbf9dd8febeaa45a48570e09b6d100e063fc9f9 \
-    --hash=sha256:b9ab3a104bedb292323f53797b00864e10e434a3ab3906813a7169e4745b912a
+setuptools==80.0.0 \
+    --hash=sha256:a38f898dcd6e5380f4da4381a87ec90bd0a7eec23d204a5552e80ee3cab6bd27 \
+    --hash=sha256:c40a5b3729d58dd749c0f08f1a07d134fb8a0a3d7f87dc33e7c5e1f762138650
     # via
     #   scaaml (pyproject.toml)
     #   tensorboard
