Bump the apptainer group across 1 directory with 2 updates

[dependabot]

Bumps the apptainer group with 2 updates in the /apptainer/python directory: numpy and setuptools.

Updates numpy from 1.26.4 to 2.0.1

Release notes

Sourced from numpy's releases.

v2.0.1

NumPy 2.0.1 Release Notes

NumPy 2.0.1 is a maintenance release that fixes bugs and regressions discovered after the 2.0.0 release. NumPy 2.0.1 is the last planned release in the 2.0.x series, 2.1.0rc1 should be out shortly.

The Python versions supported by this release are 3.9-3.12.

NOTE: Do not use the GitHub generated "Source code" files listed in the "Assets", they are garbage.

Improvements

np.quantile with method closest_observation chooses nearest even order statistic

This changes the definition of nearest for border cases from the nearest odd order statistic to nearest even order statistic. The numpy implementation now matches other reference implementations.

(gh-26656)

Contributors

A total of 15 people contributed to this release. People with a "+" by their names contributed a patch for the first time.

• @​vahidmech +
• Alex Herbert +
• Charles Harris
• Giovanni Del Monte +
• Leo Singer
• Lysandros Nikolaou
• Matti Picus
• Nathan Goldbaum
• Patrick J. Roddy +
• Raghuveer Devulapalli
• Ralf Gommers
• Rostan Tabet +
• Sebastian Berg
• Tyler Reddy
• Yannik Wicke +

Pull requests merged

A total of 24 pull requests were merged for this release.

• #26711: MAINT: prepare 2.0.x for further development
• #26792: TYP: fix incorrect import in ma/extras.pyi stub
• #26793: DOC: Mention '1.25' legacy printing mode in set_printoptions
• #26794: DOC: Remove mention of NaN and NAN aliases from constants

... (truncated)

Commits

• 4c9f431 Merge pull request #27000 from charris/prepare-2.0.1
• 0e70e00 REL: Prepare for the NumPy 2.0.1 release [wheel build]
• 4d10ffc Merge pull request #26995 from charris/backport-26985
• 764b667 BUG: Add object cast to avoid warning with limited API
• 9be6ad6 Merge pull request #26971 from charris/backport-26935
• 6d950e9 BUG: fix f2py tests to work with v2 API
• 89630c0 Merge pull request #26962 from charris/backport-26919
• 88fa840 TST: Apply test suggestion by Nathan for rlstrip fixes
• a9da01e BUG,MAINT: Fix utf-8 character stripping memory access
• 6afbbf8 Merge pull request #26963 from charris/backport-26930
• Additional commits viewable in compare view

Updates setuptools from 69.5.1 to 71.1.0

Changelog

Sourced from setuptools's changelog.

v71.1.0

Features

• Added return types to typed public functions -- by :user:Avasam

  Marked pkg_resources as py.typed -- by :user:Avasam (#4409)

Misc

• #4492

v71.0.4

Bugfixes

• Removed lingering unused code around Distribution._patched_dist. (#4489)

v71.0.3

Bugfixes

• Reset the backports module when enabling vendored packages. (#4476)

v71.0.2

Bugfixes

• Include all vendored files in the sdist. (#4480)

v71.0.1

Bugfixes

... (truncated)

Commits

• 08bd311 Bump version: 71.0.4 → 71.1.0
• e3fd44a Merge pull request #4492 from mgorny/core-deps-spec
• 022cedb Switch to uv for vendoring.
• 3fca249 Merge pull request #4500 from Avasam/Update-mypy-to-1.11
• e7575ae Update pyproject.toml
• b078d6e Merge pull request #4409 from Avasam/pkg_resources-explicit-public-return-ann...
• 3aba4d4 Update mypy to 1.11
• deb0aa8 Merge branch 'main' of https://github.com/pypa/setuptools into pkg_resources-...
• 48f95c0 Bump version: 71.0.3 → 71.0.4
• 7d0178e Merge pull request #4493 from pypa/debt/4489-patched-dist
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
• @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
• @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
• @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
• @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

[github-actions]

Dependency Review

✅ No vulnerabilities or license issues or OpenSSF Scorecard issues found.

OpenSSF Scorecard

Package	Version	Score	Details
pip/numpy	2.0.1	🟢 8.5	Details Check Score Reason Binary-Artifacts 🟢 10 no binaries found in the repo Branch-Protection ⚠️ -1 internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration CI-Tests 🟢 10 12 out of 12 merged PRs checked by a CI test -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected Code-Review 🟢 10 all changesets reviewed Contributors 🟢 10 project has 95 contributing companies or organizations Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Dependency-Update-Tool 🟢 10 update tool detected Fuzzing 🟢 10 project is fuzzed License 🟢 9 license file detected Maintained 🟢 10 30 commit(s) and 25 issue activity found in the last 90 days -- score normalized to 10 Packaging ⚠️ -1 packaging workflow not detected Pinned-Dependencies 🟢 3 dependency not pinned by hash detected -- score normalized to 3 SAST 🟢 10 SAST tool is run on all commits Security-Policy 🟢 9 security policy file detected Signed-Releases ⚠️ 0 Project has not signed or included provenance with any releases. Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Vulnerabilities 🟢 10 0 existing vulnerabilities detected
pip/setuptools	71.1.0	🟢 5.6	Details Check Score Reason Code-Review ⚠️ 0 Found 0/20 approved changesets -- score normalized to 0 Maintained 🟢 10 30 commit(s) and 21 issue activity found in the last 90 days -- score normalized to 10 CII-Best-Practices ⚠️ 0 no effort to earn an OpenSSF best practices badge detected License 🟢 10 license file detected Signed-Releases ⚠️ -1 no releases found Security-Policy 🟢 10 security policy file detected Token-Permissions 🟢 10 GitHub workflow tokens follow principle of least privilege Dangerous-Workflow 🟢 10 no dangerous workflow patterns detected Packaging ⚠️ -1 packaging workflow not detected Branch-Protection ⚠️ 0 branch protection not enabled on development/release branches Binary-Artifacts ⚠️ 0 binaries present in source code SAST ⚠️ 0 SAST tool is not run on all commits -- score normalized to 0 Vulnerabilities 🟢 10 0 existing vulnerabilities detected Fuzzing 🟢 10 project is fuzzed Pinned-Dependencies ⚠️ 0 dependency not pinned by hash detected -- score normalized to 0

Scanned Manifest Files

apptainer/python/requirements.txt

• [email protected]
• [email protected]
• [email protected]
• [email protected]

[tylertitsworth]

@dependabot rebase