chore(deps): update dependency tqdm to v4.66.3 [security]

[plural-renovate]

This PR contains the following updates:

Package	Update	Change
tqdm (changelog)	minor	==4.65.0 -> ==4.66.3

GitHub Vulnerability Alerts

CVE-2024-34062

Impact

Any optional non-boolean CLI arguments (e.g. --delim, --buf-size, --manpath) are passed through python's eval, allowing arbitrary code execution. Example:

python -m tqdm --manpath="\" + str(exec(\"import os\nos.system('echo hi && killall python3')\")) + \""

Patches

tqdm/tqdm@4e613f8 released in tqdm>=4.66.3

Workarounds

None

References

• https://github.com/tqdm/tqdm/releases/tag/v4.66.3

---

Release Notes

tqdm/tqdm (tqdm)

v4.66.3: tqdm v4.66.3 stable

Compare Source

• cli: eval safety (fixes CVE-2024-34062, GHSA-g7vv-2v7x-gj9p)

v4.66.2: tqdm v4.66.2 stable

Compare Source

• pandas: add DataFrame.progress_map (#​1549)
• notebook: fix HTML padding (#​1506)
• keras: fix resuming training when verbose>=2 (#​1508)
• fix format_num negative fractions missing leading zero (#​1548)
• fix Python 3.12 DeprecationWarning on import (#​1519)
• linting: use f-strings (#​1549)
• update tests (#​1549)
  • fix pandas warnings
  • fix asv (https://github.com/airspeed-velocity/asv/issues/1323)
  • fix macos notebook docstring indentation
• CI: bump actions (#​1549)

v4.66.1: tqdm v4.66.1 stable

Compare Source

• fix utils.envwrap types (#​1493 <- #​1491, #​1320 <- #​966, #​1319)
  • e.g. cloudwatch & kubernetes workaround: export TQDM_POSITION=-1
• drop mentions of unsupported Python versions

v4.66.0: tqdm v4.66.0 stable

Compare Source

• environment variables to override defaults (TQDM_*) (#​1491 <- #​1061, #​950 <- #​614, #​1318, #​619, #​612, #​370)
  • e.g. in CI jobs, export TQDM_MININTERVAL=5 to avoid log spam
  • add tests & docs for tqdm.utils.envwrap
• fix & update CLI completion
• fix & update API docs
• minor code tidy: replace os.path => pathlib.Path
• fix docs image hosting
• release with CI bot account again (https://github.com/cli/cli/issues/6680)

v4.65.2: tqdm v4.65.2 stable

Compare Source

• exclude examples from distributed wheel (#​1492)

v4.65.1: tqdm v4.65.1 stable

Compare Source

• migrate setup.{cfg,py} => pyproject.toml (#​1490)
  • fix asv benchmarks
  • update docs
• fix snap build (#​1490)
• fix & update tests (#​1490)
  • fix flaky notebook tests
  • bump pre-commit
  • bump workflow actions

---

Configuration

📅 Schedule: Branch creation - "" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR has been generated by Renovate Bot.

[stoat-app]

Easy and customizable dashboards for your build system. Learn more about Stoat ↗︎

Static Hosting

Name	Link	Commit	Status
api-coverage	Visit	5dcdd2a	✅
rtc-coverage	Visit	5dcdd2a	✅
core-coverage	Visit	5dcdd2a	✅
cron-coverage	Visit	5dcdd2a	✅
email-coverage	Visit	5dcdd2a	✅
worker-coverage	Visit	5dcdd2a	✅
api-test-results	Visit	5dcdd2a	✅
graphql-coverage	Visit	5dcdd2a	✅
rtc-test-results	Visit	5dcdd2a	✅
core-test-results	Visit	5dcdd2a	✅
cron-test-results	Visit	5dcdd2a	✅
email-test-results	Visit	5dcdd2a	✅
worker-test-results	Visit	5dcdd2a	✅
graphql-test-results	Visit	5dcdd2a	✅

Job Runtime

[stoat-app]

Easy and customizable dashboards for your build system. Learn more about Stoat ↗︎

Static Hosting

Name	Link	Commit	Status
api-coverage	Visit	9d0a369	✅
rtc-coverage	Visit	9d0a369	✅
core-coverage	Visit	9d0a369	✅
cron-coverage	Visit	9d0a369	✅
email-coverage	Visit	9d0a369	✅
worker-coverage	Visit	9d0a369	✅
api-test-results	Visit	9d0a369	✅
graphql-coverage	Visit	9d0a369	✅
rtc-test-results	Visit	9d0a369	✅
core-test-results	Visit	9d0a369	✅
cron-test-results	Visit	9d0a369	✅
email-test-results	Visit	9d0a369	✅
worker-test-results	Visit	9d0a369	✅
graphql-test-results	Visit	9d0a369	✅

Job Runtime