chore(deps-dev): bump black from 25.9.0 to 26.1.0 in the security-updates group #12

Open
dependabot[bot] wants to merge 86 commits into main from dependabot/pip/security-updates-65ea79b78d

dependabot[bot] commented on behalf of github Jan 24, 2026

Bumps the security-updates group with 1 update: black.

Updates black from 25.9.0 to 26.1.0

Release notes

Sourced from black's releases.

26.1.0

Highlights

Introduces the 2026 stable style (#4892), stabilizing the following changes:

  • always_one_newline_after_import: Always force one blank line after import statements, except when the line after the import is a comment or an import statement (#4489)
  • fix_fmt_skip_in_one_liners: Fix # fmt: skip behavior on one-liner declarations, such as def foo(): return "mock" # fmt: skip, where previously the declaration would have been incorrectly collapsed (#4800)
  • fix_module_docstring_detection: Fix module docstrings being treated as normal strings if preceded by comments (#4764)
  • fix_type_expansion_split: Fix type expansions split in generic functions (#4777)
  • multiline_string_handling: Make expressions involving multiline strings more compact (#1879)
  • normalize_cr_newlines: Add \r style newlines to the potential newlines to normalize file newlines both from and to (#4710)
  • remove_parens_around_except_types: Remove parentheses around multiple exception types in except and except* without as (#4720)
  • remove_parens_from_assignment_lhs: Remove unnecessary parentheses from the left-hand side of assignments while preserving magic trailing commas and intentional multiline formatting (#4865)
  • standardize_type_comments: Format type comments which have zero or more spaces between # and type: or between type: and value to # type: (value) (#4645)

The following change was not in any previous stable release:

  • Regenerated the _width_table.py and added tests for the Khmer language (#4253)

This release also bumps pathspec to v1 and fixes inconsistencies with Git's .gitignore logic (#4958). Now, files will be ignored if a pattern matches them, even if the parent directory is directly unignored. For example, Black would previously format exclude/not_this/foo.py with this .gitignore:

exclude/
!exclude/not_this/

Now, exclude/not_this/foo.py will remain ignored. To ensure exclude/not_this/ and all of its children are included in formatting (and in Git), use this .gitignore:

*/exclude/*
!*/exclude/not_this/

This new behavior matches Git. The leading */ are only necessary if you wish to ignore matching subdirectories (like the previous behavior did), and not just matching root

... (truncated)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
  • @dependabot ignore <dependency name> major version will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself)
  • @dependabot ignore <dependency name> minor version will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself)
  • @dependabot ignore <dependency name> will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself)
  • @dependabot unignore <dependency name> will remove all of the ignore conditions of the specified dependency
  • @dependabot unignore <dependency name> <ignore condition> will remove the ignore condition of the specified dependency and ignore conditions

Added new files for adapter architecture:
  • metrics/base.py – defines MetricResult schema and MetricAdapter protocol
  • metrics/native_adapter.py – built-in fallback for fairness metrics
Expanded fairlearn_adapter.py and aequitas_adapter.py with guarded imports
Updated core.py to register adapters, enable auto-selection, and add caching
Added unit tests for adapter selection and result schema
Ensured backward compatibility with Phase 0 Result class
These deliver:
→ FairnessAnalyzer wrapper with unified interface
→ Common result schema
→ Automatic backend selection and lightweight caching
→ Test coverage target ~80%
- Added metric implementations:
  • demographic_parity_difference (classification)
  • equalized_odds_difference (classification)
  • mae_parity_difference (regression)
- Implemented intersectional metric support with min_group_size filter
- Added intersectional utilities (build_intersectional_labels, min_group_mask, group_sizes)
- Introduced metric_registry.json for easy extensibility
- Fixed categorical comparison bug in min_group_mask (dtype coercion for unordered categoricals)
- Added unit tests for small-group exclusion, missing values, and intersectional logic
- Added benchmarking script (benchmark_metrics_100k.py) for runtime profiling (~100k rows)
- Verified statistical and runtime correctness for classification and regression metrics
These deliver:
→ Fully functional metric engine with classification, regression, and intersectional support
→ Safe handling of categorical data types
→ Benchmarks and tests confirming performance and reliability
Summary:
- Implemented bootstrap confidence intervals (percentile & BCa) with improved two-sample resampling logic for correct coverage.
- Added Bayesian credible interval (Beta–Binomial) for small-sample fairness evaluation.
- Implemented multiple comparison corrections (Bonferroni & Benjamini–Hochberg FDR).
- Added effect size computations (risk ratio, Cohen’s d placeholder).
- Enhanced unit tests for all statistical components using synthetic datasets.
Results:
- All tests passed successfully.
- Empirical coverage for the bootstrap percentile method verified within expected 0.85–0.95 range.
- Current test coverage: ~53% total, with 90%+ coverage for native_adapter, fairlearn_adapter, and core metrics.
- Phase 3 functionality validated—ready to proceed to Phase 4 integration.
- Added MLflow logging utility (log_fairness_metrics)
- Integrated pytest plugin with assert_fairness()
- Extended CLI with  command for fairness checks
- Implemented Markdown reporting function (to_markdown_report)
- Enhanced CI with multi-OS testing and coverage
- Configured pre-commit hooks for linting and sample-check placeholder

All core workflows now operational and passing tests.
…prepare v0.1.0 release

- Added full end-to-end (E2E) system tests validating metric computation, CI integration, and Markdown reporting
- Introduced deterministic test fixture () for reproducibility
- Created demo notebook () showcasing metric computation, CI confidence intervals, and MLflow tracking
- Updated README with usage tutorial and CLI validation examples
- Added CHANGELOG.md and version bump to v0.1.0
- Verified workflow integration and test coverage for release candidate
- Added visualization of fairness metrics (DP, EO) with bootstrap confidence intervals.
- Updated demo notebook and documentation for reproducibility.
- Verified end-to-end CLI, reporting, and MLflow integration.
- Finalized readiness for v0.1.0 release.
- Added bootstrap confidence intervals and effect size computation to CLI fairness validation.
- Created visualization scripts for demographic parity and equalized odds with 95% CIs.
- Updated demo.ipynb for end-to-end workflow demonstration (metrics → CI → MLflow tracking).
- Verified reproducibility and usability of fairness measurement module.
- Generated report_with_ci.md artifact as validation output.
…e record, updated README and changelog for release readiness; validated full workflow integration and reporting.
…record, updated README and changelog for release readiness; validated full workflow integration and reporting.
- Added new  package under  with initial submodules:
  - detectors/: representation, disparity, proxy, and report stubs
  - transformers/: reweighting, disparate impact remover, and utils stubs
  - config/: YAML loader (Phase 0 version)
  - orchestration/: builder and registry for dynamic pipeline construction
- Expanded CLI to include  command for running stub detectors via config and CSV input
- Added example , fixture CSV, and smoke test for pipeline import wiring
- Updated  to include PyYAML dependency
- Establishes foundation for Phase 1 (functional bias detection and config validation)
Implements the foundational architecture for the Fairness Pipeline Module,
covering Phase 1 (scaffolding and configuration) and Phase 2 (detection and
execution logic).

Details:
- Added pipeline package structure with submodules:
  • config – typed YAML loader (PipelineConfig, PipelineStep)
  • detectors – bias detection primitives
  • transformers – InstanceReweighting, DisparateImpactRemover
  • orchestration – pipeline builder, execution engine
- Implemented run_detectors, build_pipeline, and apply_pipeline in
  orchestration/engine.py.
- Added BiasReport container for consistent access (.meta) and JSON-safe
  serialization.
- Integrated CLI compatibility with Mapping interface and to_dict() handling.
- Added smoke test (tests/pipeline/test_smoke_pipeline.py) and config validation.
- Fixed CLI artifact serialization and test assertions for Phase 2.

Testing:
- Verified pytest smoke test passes end-to-end.
- Confirmed cmd_pipeline_run writes valid JSON artifacts.
…n, and reweighing support

### Summary
- Implemented Phase 3 (configuration + detector orchestration refinement)
  - Enhanced  to return typed  objects.
  - Added JSON serialization () for detector reports.
  - Expanded  logic for safer transformer instantiation with injected defaults.

- Implemented Phase 4 (CLI + end-to-end integration)
  - Integrated  in CLI to execute full pipeline runs from config and CSV input.
  - Added artifact outputs (, , ) and improved error handling.
  - Updated  to include , , and aliases.
  - Added fallback import handling for spelling variants (e.g., reweighting / reweighing).
  - Ensured smart default injection for  and  when omitted in YAML.

### Improvements
- Unified bias detection output into a consistent  schema.
- Enabled reproducible runs via YAML-driven configuration.
- Improved pipeline usability through flexible transformer naming and automatic default handling.
- Simplified CLI experience with full artifact generation and path validation.
- Implemented ReductionsWrapper for scikit-learn with DemographicParity constraint
- Added FairnessRegularizer and LagrangianFairnessTrainer for PyTorch
- Introduced GroupFairnessCalibrator and ParetoFrontier visualization tools
- Integrated module tests for sklearn_, torch_, postproc, and viz subpackages
- Updated CLI to include training operations and maintained compatibility with Python 3.12.5
refactor(pipeline,cli,monitoring): unify builder, add config validation, refactor validate; packaging + docs; tests
Pipeline/orchestration
Consolidate builder into pipeline/orchestration/engine.py; remove builder.py
Centralize transformer registry; keep single build_pipeline/apply_pipeline/run_detectors API
Config
Add minimal schema validation in pipeline/config/loader.py (profiles supported)
Export PipelineConfig/PipelineStep/load_config via pipeline/config/__init__.py
CLI
Refactor validate into small helpers (CSV parsing, sensitive normalization, evaluation)
Parameterize CI/effect sizes via FairnessAnalyzer (adds ci_samples) and flags
Lazy-load heavy deps inside subcommands (fairlearn, torch, etc.)
Add return type hints for public CLI functions
Monitoring
Introduce monitoring/config.py with MonitoringSettings, DriftConfig, ReportConfig
Update drift engine and dashboard to use shared settings; persist config alongside artifacts
Packaging
Move runtime deps to [project.dependencies] in pyproject.toml
Add extras: training, monitoring, adapters; add requirements.in/requirements-dev.in
Simplify requirements.txt to pip-tools workflow
Documentation & DX
Rename CHANEGELOG.md → CHANGELOG.md
Enrich README: minimal pipeline YAML + config schema; extras + pip-compile instructions
Add .pre-commit-config.yaml (ruff/black/isort/nbstripout)
Typing/Naming
Normalize “sensitive” terminology; add explicit return types in CLI and orchestration
Tests
Add tests/pipeline/test_config_loader.py (schema/profiles)
Extend pipeline smoke to assert sample weights from YAML
Add CLI validation test for --with-ci and --with-effects
Add monitoring tests for dashboard stubs and drift engine (with optional deps auto-skip)
Corrected percentile CI scaling so bootstrap intervals now use percent units expected by NumPy and covered the regression with a direct unit test of _percentile_ci behavior.
Reworked the MLflow logging helper to emit string payloads (preferring mlflow.log_dict, falling back safely) and added a stubbed unit test to ensure structured artifacts log without runtime errors.

Enabled confidence intervals and effect sizes by default across the analyzer APIs and verified the richer outputs with targeted tests covering classification and regression metrics.
Release v0.5.1: Test coverage improvements, security fixes, and CI enhancements

- Update version to 0.5.1 in pyproject.toml and __init__.py
- Update CHANGELOG.md with 645 tests and 87% coverage improvements
- Update README.md with current metrics and version
- Add coverage gate to CI (fail if < 85%, upload artifacts)
- Create ROADMAP.md with planned features for 0.6.0-1.0.0
- Critical security fixes: filelock>=3.20.3, urllib3>=2.6.3, pip>=25.3
- Fix test_installation.py to expect version 0.5.1
- Fix: Make training module imports lazy to allow core package import without optional deps
- Add: Structured exception types (DataValidationError, DependencyError) with context and suggestions
- Add: Performance documentation (PERFORMANCE.md) and automated release workflow
- Improve: Error messages with actionable suggestions and installation commands
- Enhance: CI/CD with performance benchmarking and automated releases

All tests passing. No breaking changes to public APIs.
… logging, and feedback collection

- Security: Update dependencies, add security workflow and policy
- Performance: Add performance test suite and profiling tools
- Logging: Implement structured logging infrastructure
- Feedback: Add GitHub issue templates and feedback process
- Update CHANGELOG.md for v0.5.3
- Update release workflow to use modern action
CI/CD error ERROR: Could not find a version that satisfies the requirement virtualenv>=20.36.2
fix removing non-runtime dependency
Add property-based testing with Hypothesis
- Expand integration tests with comprehensive edge case coverage
- Set up Sphinx documentation site with GitHub Pages deployment
- Configure Dependabot for automated dependency security updates
- Add security review process and monthly automated reviews
- Update documentation (CHANGELOG, README) for v0.5.4
Remove invalid update-types field from groups section. Dependabot
automatically groups security updates, so explicit update-types
configuration is not needed.
dependabot[bot] added the dependencies and python labels Jan 24, 2026
- Fix pip-audit command in security.yml: Replace invalid --fail-on syntax with Python script that properly checks for high/critical vulnerabilities
- Fix all 6 failing property-based tests:
  * test_risk_ratio_identity: Handle edge cases with very small floating-point values using relative tolerance
  * test_dp_difference_bounds, test_dp_difference_zero_when_equal, test_eo_difference_bounds, test_dp_difference_ci_contains_value: Add proper group size validation and suppress Hypothesis health checks
  * test_eo_difference_bounds: Ensure groups have both positive and negative examples for TPR/FPR calculation
  * test_dp_difference_ci_contains_value: Account for bootstrap CI statistical variability
  * test_extreme_values: Fix Hypothesis argument error by using st.one_of() for NaN/infinity handling

All 689 tests now pass with 86% coverage.
Resolve GitHub Actions validation error by giving unique IDs to TestPyPI
and Production PyPI publish steps. Updated release notes to reference
the correct step IDs based on repository selection.

- Change TestPyPI step ID from 'pypi_publish' to 'testpypi_publish'
- Change Production PyPI step ID from 'pypi_publish' to 'production_pypi_publish'
- Update GitHub Release body to check correct step outcome based on repository
…o fairpipe

- Update package name in pyproject.toml to 'fairpipe'
- Bump version to 0.6.0 (breaking change for installation)
- Update all documentation with new package name
- Update GitHub Actions workflow PyPI URLs
- Add migration notes to CHANGELOG.md
- Python imports remain unchanged (backward compatible)

BREAKING CHANGE: Installation command changed from 'pip install fairness-pipeline-dev-toolkit' to 'pip install fairpipe'
- Add linkify-it-py to docs/requirements.txt (required for myst-parser linkify extension)
- Update GitHub Actions workflow to install from docs/requirements.txt
- Fix html_static_path warning by commenting out non-existent _static directory
Add internal documentation files to .gitignore
JobCollins force-pushed the dependabot/pip/security-updates-65ea79b78d branch from 7eede51 to e4e868f January 26, 2026 18:31
…apter

Fixes issue where mae_parity_difference was only available in NativeAdapter,
causing failures when using fairlearn or aequitas backends for regression
metrics. Both adapters now implement the method following the same pattern
as NativeAdapter, with comprehensive test coverage.

All tests pass (707/707).
Populated demo_training.ipynb with working examples for all 5 Training
Module components: ReductionsWrapper, FairnessRegularizerLoss,
LagrangianFairnessTrainer, GroupFairnessCalibrator, and Pareto Frontier
Visualization. Includes synthetic data generation, visualizations, and
comprehensive usage examples.
Add mae_parity_difference to adapters
dependabot[bot] force-pushed the dependabot/pip/security-updates-65ea79b78d branch from e4e868f to b80e4b4 January 31, 2026 05:38
JobCollins and others added 7 commits February 3, 2026 12:40
baseline in Step 1, CLI output, property test fix
Bumps the security-updates group with 1 update: [black](https://github.com/psf/black).


Updates `black` from 25.9.0 to 26.1.0
- [Release notes](https://github.com/psf/black/releases)
- [Changelog](https://github.com/psf/black/blob/main/CHANGES.md)
- [Commits](psf/black@25.9.0...26.1.0)

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: security-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
dependabot[bot] force-pushed the dependabot/pip/security-updates-65ea79b78d branch from b80e4b4 to f84c4c5 February 7, 2026 05:39
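
The commit message above carries an `updated-dependencies` block that marks this bump as `version-update:semver-major` even though it arrives in a group named `security-updates`. The following is an added example, not code from this repository or from Dependabot: a merge gate that reads that block and decides from `update-type` rather than from the group name. The function names and the allow-list policy are assumptions made for illustration.

```python
import re

# Constructed sample: the Dependabot commit message shown on this page.
MAJOR_BUMP = """\
Bumps the security-updates group with 1 update: [black](https://github.com/psf/black).

Updates `black` from 25.9.0 to 26.1.0

---
updated-dependencies:
- dependency-name: black
  dependency-version: 26.1.0
  dependency-type: direct:development
  update-type: version-update:semver-major
  dependency-group: security-updates
...

Signed-off-by: dependabot[bot] <support@github.com>
"""

# Constructed variant of the same message with a minor update-type.
MINOR_BUMP = MAJOR_BUMP.replace("semver-major", "semver-minor")

# Assumed policy: only patch and minor bumps may merge without a reviewer.
ALLOWED_UPDATE_TYPES = {
    "version-update:semver-patch",
    "version-update:semver-minor",
}

# A list item starts with "- "; its remaining keys are indented two spaces.
FIELD = re.compile(r"^(- |  )([\w-]+):\s*(.*)$")


def parse_updated_dependencies(message):
    """Return one dict per entry in the block between '---' and '...'."""
    lines = message.splitlines()
    try:
        start = lines.index("---")
    except ValueError:
        return []
    deps, in_list = [], False
    for line in lines[start + 1:]:
        if line == "...":
            break
        if line.strip() == "updated-dependencies:":
            in_list = True
            continue
        match = FIELD.match(line) if in_list else None
        if not match:
            continue
        if match.group(1) == "- ":
            deps.append({})
        if deps:
            deps[-1][match.group(2)] = match.group(3).strip()
    return deps


def review_reasons(message):
    """List every dependency whose update-type is outside the allow-list."""
    reasons = []
    for dep in parse_updated_dependencies(message):
        update_type = dep.get("update-type", "")
        if update_type not in ALLOWED_UPDATE_TYPES:
            name = dep.get("dependency-name", "<unnamed>")
            reasons.append(f"{name}: {update_type or 'no update-type'}")
    return reasons


def auto_merge_allowed(message):
    """Fail closed: a message without parsable metadata is not auto-merged."""
    return bool(parse_updated_dependencies(message)) and not review_reasons(message)


if __name__ == "__main__":
    print(auto_merge_allowed(MAJOR_BUMP), review_reasons(MAJOR_BUMP))
```
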