Bump nltk from 3.9.2 to 3.9.4 in /requirements #3

Open
dependabot[bot] wants to merge 1 commit into main from dependabot/pip/requirements/nltk-3.9.4



@dependabot dependabot Bot commented on behalf of github May 26, 2026


Bumps nltk from 3.9.2 to 3.9.4.

Changelog

Sourced from nltk's changelog.

Version 3.10.0 2026-06-11

  • Enforce the stricter nltk.pathsec security policy by default
  • Document the new security model and migration guidance
  • Harden resource loading against path traversal and SSRF/DNS-rebinding
  • Harden downloader path handling and block XML entity expansion
  • Close remaining corpus-reader security edge cases
  • Replace unsafe exec() usage in the utility CLI
  • Warn on unpickling user-provided pickles
  • Add HuggingFace datasets integration (nltk.huggingface)
  • Align TnT with Brants (2000) specifications
  • Fix PorterStemmer irregular-form lowercasing in NLTK mode
  • Fix TransitionParser sparse index dtype for scikit-learn 1.9
  • Fix TextCat tie handling
  • Fix WordNet object comparisons for incompatible types
  • Cache WordNet max depth lazily for lch_similarity()
  • Fix CCG variable direction, substitution, and type-raising bugs
  • Fix Jaro similarity for single-character and empty-string cases
  • Improve CI and release-maintenance workflows

Thanks to the following contributors to 3.10.0: 13rac1, alvations, bowiechen, devesh-2002, ekaf, elias-ba, haosenwang1018, HyperPS, ihitamandal, jancallewaert, jhnwnstd, JuanIMartinezB, Lemm1, LinZiyuu, Mr-Neutr0n, PastelStorm, scruge1, Syzygy2048, ylwango613, yzhaoinuw

Version 3.9.4 2026-03-24

  • Support Python 3.14
  • Fix bug in Levenshtein distance when substitution_cost > 2
  • Fix bug in Treebank detokeniser re quote ordering
  • Fix bug in Jaro similarity for empty strings
  • Several security enhancements
  • Fix GHSA-rf74-v2fm-23pw: unbounded recursion in JSONTaggedDecoder
  • Implement TextTiling vocabulary introduction method (Hearst 1997)
  • Fix ALINE feature matrix errors and add comprehensive tests
  • Support multiple VerbNet versions, fix longid/shortid regex for VerbNet ids
  • Let downloader fallback to md5 when sha256 is unavailable
  • Several other minor bugfixes and code cleanups

Thanks to the following contributors to 3.9.4: Min-Yen Kan, Eric Kafe, Emily Voss, bowiechen, Hrudhai01, jancallewaert, Mr-Neutr0n, pollak.peter89, ylwango613,

Version 3.9.3 2026-02-21

  • Fix CVE-2025-14009: secure ZIP extraction in nltk.downloader (#3468)
  • Block path traversal/arbitrary reads in nltk.data for protocol-less refs (#3467)
  • Block path traversal/abs paths in corpus readers and FS pointers (#3479, #3480)
  • Validate external StanfordSegmenter JARs using SHA256 (#3477)

... (truncated)

Commits
  • ad9c96b Update copyright year
  • 7edcddf Updates for 3.9.4 release
  • 67a2736 Merge pull request #3180 from yzhaoinuw/bug-on-edit_distance_align
  • 2b17ac5 Fix edit_distance_align backtrace for high substitution costs
  • 4b72976 Merge pull request #3018 from JuanIMartinezB/bug/shortid-longid
  • 8a5619f Merge pull request #3222 from Syzygy2048/feature/texttiling-vocabulary-introd...
  • c6574d7 Merge pull request #3289 from ihitamandal/codeflash/optimize-windowdiff-2024-...
  • 98ff5d9 Merge pull request #3435 from Hrudhai01/fix-3260-detokenize-quotes
  • aec4fce Merge pull request #3522 from ekaf/pathsec
  • eec4ee3 Merge pull request #3526 from nltk/update-contributing
  • Additional commits viewable in compare view

@dependabot dependabot Bot added dependencies Pull requests that update a dependency file python Pull requests that update python code labels May 26, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/requirements/nltk-3.9.4 branch from 28a76fb to 9e85cb1 Compare May 27, 2026 18:57
@dependabot dependabot Bot force-pushed the dependabot/pip/requirements/nltk-3.9.4 branch from 9e85cb1 to 907b5c9 Compare June 4, 2026 21:40
Bumps [nltk](https://github.com/nltk/nltk) from 3.9.2 to 3.9.4.
- [Release notes](https://github.com/nltk/nltk/releases)
- [Changelog](https://github.com/nltk/nltk/blob/develop/ChangeLog)
- [Commits](nltk/nltk@3.9.2...3.9.4)

---
updated-dependencies:
- dependency-name: nltk
  dependency-version: 3.9.4
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot Bot changed the title chore(deps): bump nltk from 3.9.2 to 3.9.4 in /requirements Bump nltk from 3.9.2 to 3.9.4 in /requirements Jun 13, 2026
@dependabot dependabot Bot force-pushed the dependabot/pip/requirements/nltk-3.9.4 branch from 907b5c9 to b5575f1 Compare June 13, 2026 18:39