Bump jsonpickle from 2.1.0 to 4.0.1 in /dependencies/python

[dependabot]

Bumps jsonpickle from 2.1.0 to 4.0.1.

Changelog

Sourced from jsonpickle's changelog.

v4.0.1

* The unpickler is now more resilient to malformed "py/reduce", "py/set",
  "py/tuple", "py/b64", "py/b85", and "py/iterator" input data. (+544) (+545)
* The test suite was updated to leverage more pytest features.
* The ``jsonpickle.compat`` module is no longer used. It is still provided
  for backwards compatibility but it may be removed in a future version.

v4.0.0

* **Breaking Change**: Python 3.7 is no longer supported.
* **Breaking Change**: Support for pre-0.7.0 ``repr``-serialized objects is no
  longer enabled by default. The ``safe`` option to ``decode()`` was changed from
  ``False`` to ``True``. Users can still pass ``safe=False`` to ``decode()`` in order
  to enable this feature for the purposes of loading older files, but beware that
  this feature relies on unsafe behavior through its use of ``eval()``. Users are
  encouraged to re-pickle old data in order to migrate away from the the unsafe loading
  feature. (+514)
* The pickler no longer produces ``py/repr`` tags when pickling modules.
  ``py/mod`` is used instead, as it is clearer and uses one less byte. (+514)
* The test suite no longer uses the deprecated ``datetime.datetime.utcnow()``
  function. (+539)

v3.4.2

* The breaking changes from v4 were inadvertedly included in v3.4.1, which has
  been yanked. This release remedies this by reverting the v4 changes.

v3.4.1

* Support decoding pandas dataframes encoded with versions 3.3.0 and older. (+536)

v3.4.0

* Officially support Python 3.12 in the GitHub Actions testing matrix, and update
  GHA package versions used. (+524)
* Improve reproducibility of benchmarking commands on Linux by using taskset and
  adding a "HOWTO" run benchmarks section in ``benchmarking/README.md``. (+526)
* The ``setup.cfg`` packaging configuration has been replaced by
  ``pyproject.toml``. (+527)
* ``yaml`` is now supported as a jsonpickle backend. (+528)
* `OSSFuzz <https://github.com/google/oss-fuzz>`_ scripts are now available in
  the ``fuzzing/`` directory. (+525)
* Pure-python dtypes are now preserved across ``encode()``/``decode()`` roundtrips
  for the pandas extension. ([#407](https://github.com/jsonpickle/jsonpickle/issues/407)) (+534)
* Pandas dataframe columns with an ``object`` dtype that contain multiple different
  types within (e.g. a column of type ``list[Union[str, int]]``) now preserve the types
  upon being roundtripped. ([#457](https://github.com/jsonpickle/jsonpickle/issues/457)) ([#358](https://github.com/jsonpickle/jsonpickle/issues/358)) (+534)
* Fix warnings in the test suite regarding numpy.compat usage. ([#533](https://github.com/jsonpickle/jsonpickle/issues/533)) (+535)

... (truncated)

Commits

• 01d4e12 jsonpickle v4.0.1
• d4e49ae Merge pull request #545 from davvid/main
• 9b68143 jsonpickle: guard against invalid b85 and b64 data
• 49af293 tests: test the unpickler against more invalid values
• bc1b0d6 Merge pull request #544 from davvid/robust-reduce
• 958452b unpickler: guard against malformed py/reduce values
• 35ab9ff Merge pull request #542 from Theelx/main
• 3bfba5f Merge pull request #541 from davvid/compat
• 126f598 api: inline PRIMITIVES and NUMERIC_TYPES
• 5f6d93e Guard against malformed py/tuple and/or py/iterator data
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)