Bump pandas from 1.2.2 to 1.2.3

[dependabot]

Bumps pandas from 1.2.2 to 1.2.3.

Release notes

Sourced from pandas's releases.

Pandas 1.2.3

This is a patch release in the 1.2.x series and includes some regression fixes. We recommend that all users upgrade to this version.

See the full whatsnew for a list of all the changes.

The release will be available on the defaults and conda-forge channels:

conda install pandas

Or via PyPI:

python3 -m pip install --upgrade pandas

Please report any issues with the release on the pandas issue tracker.

Commits

• f2c8480 RLS: 1.2.3
• 7b57a6f Backport PR #40137: DOC: 1.2.3 release date (#40165)
• 885efcf Backport PR #40090 on branch 1.2.x (#40117)
• 90f3797 Backport PR #39451: BUG: raise when sort_index with ascending=None (#40083)
• 3667165 Remove numpy pin from environment.yml on 1.2.x (#39998)
• 4df87a3 Backport PR #40010: REGR: compressed to_json with URL-like paths and binary o...
• d29f019 Backport PR #40019: DOC: Edit regression fix release note (#40025)
• b14ffd8 Backport PR #40020: CI/TST: Supply dtype to coo_matrix until scipy is fixed (...
• e0321f1 Backport PR #39978: DOC: fix template substitution in pad/bfill docstrings (#...
• 3b671c8 Backport PR #39971: REGR: Fix assignment bug for unary operators (#39990)
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[AtsushiSakai]

Hi. @jhutchings1
Is it possible to advise me how to fix the CodeQL error in this PR?
The message shows "Error: The repo on which this action is running is not opted-in to CodeQL code scanning."
Should I do something for opt-in?

[jhutchings1]

@AtsushiSakai Thank you for letting me know. I'm going to ping our engineers, since that shouldn't be happening. Stay tuned.

[robertbrignull]

I've done a detailed writeup of the cause and workarounds for this problem at github/codeql-action#416 (comment)

For this PR right now you can just retry the workflow and it should succeed. Longer term see that comment for how to avoid failing analyses on dependabot PRs. Here you're running code scanning twice on this PR as it triggered on the push and pull_request events, so you want to configure the workflow triggers to avoid triggering on push to dependabot branches.

[dependabot]

OK, I won't notify you again about this release, but will get in touch when a new version is available.

If you change your mind, just re-open this PR and I'll resolve any conflicts on it.

[AtsushiSakai]

@jhutchings1 @robertbrignull Thank you for providing workaround. I will try it.