Chore: update dependency Pillow to v10 [SECURITY] #844
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
![renovate[bot]](https://avatars.githubusercontent.com/in/2740?s=60&v=4){kind=small}
Edited/Blocked NotificationRenovate will not automatically rebase this PR, because it does not recognize the last commit author and assumes somebody else may have edited the PR. You can manually request rebase by checking the rebase/retry box above. ⚠ Warning: custom changes will be lost. |
Codecov ReportAll modified and coverable lines are covered by tests ✅
Additional details and impacted files@@ Coverage Diff @@
## main #844 +/- ##
=======================================
Coverage 93.46% 93.46%
=======================================
Files 85 85
Lines 5252 5252
Branches 1194 1194
=======================================
Hits 4909 4909
Misses 325 325
Partials 18 18 ☔ View full report in Codecov by Sentry. |
🔒 Inactive pull request lockThis pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs. Comment generated by the GitHub Lock Issues workflow. |
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This PR contains the following updates:
==9.5.0->==10.0.1GitHub Vulnerability Alerts
CVE-2023-4863
Heap buffer overflow in libwebp allow a remote attacker to perform an out of bounds memory write via a crafted HTML page.
Release Notes
python-pillow/Pillow (Pillow)
v10.0.1Compare Source
Updated libwebp to 1.3.2 #7395
[radarhere]
Updated zlib to 1.3 #7344
[radarhere]
v10.0.0Compare Source
Fixed deallocating mask images #7246
[radarhere]
Added ImageFont.MAX_STRING_LENGTH #7244
[radarhere, hugovk]
Fix Windows build with pyproject.toml #7230
[hugovk, nulano, radarhere]
Do not close provided file handles with libtiff #7199
[radarhere]
Convert to HSV if mode is HSV in getcolor() #7226
[radarhere]
Added alpha_only argument to getbbox() #7123
[radarhere. hugovk]
Prioritise speed in repr_png #7242
[radarhere]
Do not use CFFI access by default on PyPy #7236
[radarhere]
Limit size even if one dimension is zero in decompression bomb check #7235
[radarhere]
Use --config-settings instead of deprecated --global-option #7171
[radarhere]
Better C integer definitions #6645
[Yay295, hugovk]
Fixed finding dependencies on Cygwin #7175
[radarhere]
Changed grabclipboard() to use PNG instead of JPG compression on macOS #7219
[abey79, radarhere]
Added in_place argument to ImageOps.exif_transpose() #7092
[radarhere]
Fixed calling putpalette() on L and LA images before load() #7187
[radarhere]
Fixed saving TIFF multiframe images with LONG8 tag types #7078
[radarhere]
Fixed combining single duration across duplicate APNG frames #7146
[radarhere]
Remove temporary file when error is raised #7148
[radarhere]
Do not use temporary file when grabbing clipboard on Linux #7200
[radarhere]
If the clipboard fails to open on Windows, wait and try again #7141
[radarhere]
Fixed saving multiple 1 mode frames to GIF #7181
[radarhere]
Replaced absolute PIL import with relative import #7173
[radarhere]
Replaced deprecated Py_FileSystemDefaultEncoding for Python >= 3.12 #7192
[radarhere]
Improved wl-paste mimetype handling in ImageGrab #7094
[rrcgat, radarhere]
Added repr_jpeg() for IPython display_jpeg #7135
[n3011, radarhere, nulano]
Use "/sbin/ldconfig" if ldconfig is not found #7068
[radarhere]
Prefer screenshots using XCB over gnome-screenshot #7143
[nulano, radarhere]
Fixed joined corners for ImageDraw rounded_rectangle() odd dimensions #7151
[radarhere]
Support reading signed 8-bit TIFF images #7111
[radarhere]
Added width argument to ImageDraw regular_polygon #7132
[radarhere]
Support I mode for ImageFilter.BuiltinFilter #7108
[radarhere]
Raise error from stderr of Linux ImageGrab.grabclipboard() command #7112
[radarhere]
Added unpacker from I;16B to I;16 #7125
[radarhere]
Support float font sizes #7107
[radarhere]
Use later value for duplicate xref entries in PdfParser #7102
[radarhere]
Load before getting size in getstate #7105
[bigcat88, radarhere]
Fixed type handling for include and lib directories #7069
[adisbladis, radarhere]
Remove deprecations for Pillow 10.0.0 #7059, #7080
[hugovk, radarhere]
Drop support for soon-EOL Python 3.7 #7058
[hugovk, radarhere]
Configuration
📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).
🚦 Automerge: Enabled.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.