Bump dtale from 1.7.15 to 3.22.0

[dependabot]

Bumps dtale from 1.7.15 to 3.22.0.

Release notes

Sourced from dtale's releases.

D-Tale 3.22.0

Highlights include:

• Fix CWE-502: unsafe deserialization in Redis and Shelve storage backends
• Bump vulnerable transitive npm dependencies to patched versions
• remove dependency on dash-daq outside of python2.7 and unpin dash & dash-bootstrap-components
• Support for Python 3.14
• updates to save-column-filter endpoint to guard against code injection

D-Tale 3.19.1

Highlights in this release:

• #926: additional updates to kurtosis labeling

D-Tale 3.19.0

Highlights in this release:

• #926: updates to kurtosis labeling on frontend
• Updates for pandas 3
• front-end package upgrades

D-Tale 3.18.2

Highlights include:

• #920: support for arcticdb libraries with '/' character in name
• #916: removed pkg_resources imports

D-Tale 3.18.0

Highlights include:

• #912: translation files not being included in bundle
• #910: updates to where 'parse_version' comes from
• #909: allow 'theme' to be set from dtale.show

D-Tale 3.17.0

Highlights include:

• #905: updates for dash 3.0.0
• #902: fix text wrapping on row detail popup

D-Tale 3.16.0

Highlights include:

• #891: row details popup
• front-end package updates
• functionality to turn row expanders on/off
• updated CircleCI build script to use pip instead of setup.py for dependency installation

D-Tale 3.15.1

Highlights include:

• Un-pinned dash-bootstrap-components dependency
• Un-pinned Flask dependency
• Updated flask-ngrok to an optional dependency
• Remove dependency on contourpy

D-Tale 3.14.1

... (truncated)

Changelog

Sourced from dtale's changelog.

3.22.0 (2026-3-31)

• Fix CWE-502: unsafe deserialization in Redis and Shelve storage backends
• Bump vulnerable transitive npm dependencies to patched versions

3.21.0 (2026-3-26)

• Support for Python 3.14

3.20.0 (2026-2-18)

• updates to save-column-filter endpoint to guard against code injection

3.19.1 (2026-1-28)

• #926: additional updates to kurtosis labeling

3.19.0 (2026-1-27)

• #926: updates to kurtosis labeling on frontend
• Updates for pandas 3
• front-end package upgrades

3.18.2 (2025-7-28)

• #920: support for arcticdb libraries with '/' character in name

3.18.1 (2025-7-28)

• #916: removed pkg_resources imports

3.18.0 (2025-7-22)

• #912: translation files not being included in bundle
• #910: updates to where 'parse_version' comes from
• #909: allow 'theme' to be set from dtale.show

3.17.0 (2025-3-20)

• #905: updates for dash 3.0.0
• #902: fix text wrapping on row detail popup

3.16.1 (2024-12-13)

• #894: updates to 'update-settings' endpoint for security

3.16.0 (2024-12-3)

• #891: row details popup
• front-end package updates
• functionality to turn row expanders on/off
• updated CircleCI build script to use pip instead of setup.py for dependency installation

3.15.1 (2024-10-25)

• Un-pinned dash-bootstrap-components dependency

3.15.0 (2024-10-24)

• Un-pinned Flask dependency
• Updated flask-ngrok to an optional dependency
• Remove dependency on contourpy

... (truncated)

Commits

• 6379f1d Bump version numbers to 3.22.0
• 4278391 Fix/restricted unpickler compat (#947)
• 6862199 Fix CWE-502: unsafe deserialization in Redis and Shelve storage backends
• be325ef Bump vulnerable transitive npm dependencies to patched versions (#944)
• e9ddc5c Bump version numbers to 3.21.0
• 168c5ef build(deps): bump flatted from 3.3.3 to 3.4.2 in /frontend
• 463b973 Add Python 3.14 CircleCI support
• c4f04cd test: stabilize pytest suite across environments
• 1c6569e chore: bump minimatch 9.x to 9.0.7 and 3.x to 3.1.3 for ReDoS fix
• 86c082e chore: bump minimatch to 10.2.4 to resolve dependabot security alert
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  You can disable automated security fix PRs for this repo from the Security Alerts page.