Bump pillow from 8.2.0 to 8.3.0 in /tools #2

Closed

@dependabot dependabot bot commented on behalf of github Jul 1, 2021

Bumps pillow from 8.2.0 to 8.3.0.

Release notes

Sourced from pillow's releases.

8.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html

Changes

... (truncated)

Changelog

Sourced from pillow's changelog.

8.3.0 (2021-07-01)

  • Use snprintf instead of sprintf. CVE-2021-34552 #5567 [radarhere]

  • Limit TIFF strip size when saving with LibTIFF #5514 [kmilos]

  • Allow ICNS save on all operating systems #4526 [baletu, radarhere, newpanjing, hugovk]

  • De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables #4989 [gofr, radarhere]

  • Replaced xml.etree.ElementTree #5565 [radarhere]

  • Moved CVE image to pillow-depends #5561 [radarhere]

  • Added tag data for IFD groups #5554 [radarhere]

  • Improved ImagePalette #5552 [radarhere]

  • Add DDS saving #5402 [radarhere]

  • Improved getxmp() #5455 [radarhere]

  • Convert to float for comparison with float in IFDRational eq #5412 [radarhere]

  • Allow getexif() to access TIFF tag_v2 data #5416 [radarhere]

  • Read FITS image mode and size #5405 [radarhere]

  • Merge parallel horizontal edges in ImagingDrawPolygon #5347 [radarhere, hrdrq]

  • Use transparency behind first GIF frame and when disposing to background #5557 [radarhere, zewt]

  • Avoid unstable nature of qsort in Quant.c #5367 [radarhere]

... (truncated)


Bumps [pillow](https://github.com/python-pillow/Pillow) from 8.2.0 to 8.3.0.
- [Release notes](https://github.com/python-pillow/Pillow/releases)
- [Changelog](https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst)
- [Commits](python-pillow/Pillow@8.2.0...8.3.0)

---
updated-dependencies:
- dependency-name: pillow
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
@dependabot dependabot bot added the dependencies (Pull requests that update a dependency file) and python (Pull requests that update Python code) labels Jul 1, 2021

dependabot bot commented on behalf of github Jul 7, 2021

Superseded by #11.

@dependabot dependabot bot closed this Jul 7, 2021
@dependabot dependabot bot deleted the dependabot/pip/tools/pillow-8.3.0 branch July 7, 2021 11:16
AutomatedTester pushed a commit that referenced this pull request Feb 3, 2022
This is a manual reland of
https://chromium-review.googlesource.com/c/chromium/src/+/3247449

The difference from the previous reland is that the browser tests now
include 2 separate timeouts and a double rAF, to ensure that the
presentation timestamp taken is far enough from both the time the first
frame is sent as well as from the time the second frame is sent.
More importantly, the test now actually is looking at the UKM metric,
rather than at the histogram.

Original change's description:
> [LCP] Add animated image support
>
> This CL adds support for better handling of animated images in LCP:
> * A new attribute is exposing the first animated frame's paint time
> (behind a flag).
> * `startTime` is not changed.
> * The PageLoadMetrics reported for LCP are set to that first frame paint
> time for animated images (behind another flag).
> * Entries are not emitted until the image is loaded.
>
> Relevant spec issue:
> w3c/largest-contentful-paint#83

Bug: 1260953
Change-Id: I34070bd90a74ed44281da63b547f13d9669f389b
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3250690
Reviewed-by: Nicolás Peña Moreno <[email protected]>
Commit-Queue: Yoav Weiss <[email protected]>
Cr-Commit-Position: refs/heads/main@{#936516}
AutomatedTester pushed a commit that referenced this pull request Feb 3, 2022
The previous patch:
https://chromium-review.googlesource.com/c/chromium/src/+/3371612/6
checked that an AnonymousIframe and an Iframe weren't sharing the same
partition.

This one tests:
- Two sibling same-origin anonymous iframes share the same partition.
- Two same-origin nested anonymous iframes share the same partition.
- Two same-origin anonymous iframes from different popups do not share
  the same partition.

Bug: 1285331,1226469
Change-Id: I7ebc3a5bbb5e1f12d0ceaac9d89c1deb30174a37
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3379159
Reviewed-by: Andrew Williams <[email protected]>
Commit-Queue: Arthur Sonzogni <[email protected]>
Cr-Commit-Position: refs/heads/main@{#960946}

Co-authored-by: Arthur Sonzogni <[email protected]>
AutomatedTester pushed a commit that referenced this pull request Feb 3, 2022
By adding new exhaustive tests under ordering/, it was revealed that the ordering between navigatesuccess/navigateerror and the committed/finished promises was not always consistent:

1. Simply adding a currentchange event handler would cause microtasks to run during commit, which changed some ordering.

2. Calling transitionWhile() would take us from the zero-promise case to the 1+-promise case in ScriptPromise::All(). As the new comment explains, both the spec and implementation have an observably-different fast path for the 0-promise case which caused changes in ordering.

In the course of fixing this, I found out that the did_finish_before_commit_ code in app_history_api_navigation.{h,cc} was actually not a mitigation for the case it stated, where promises passed to transitionWhile() would settle faster than the browser-process roundtrip for same-document traversals. That is in fact impossible, since we only fire the navigate event after the browser-process roundtrip has completed. Instead, they were a mitigation for (1).

This commit then ensures consistent ordering, tested with new rather-exhaustive tests, in the following manner:

* We move the firing of currentchange to before resolving the committed promise. This eliminates (1) and allows us to delete the did_finish_before_commit_ tracking.

* We always ensure we pass 1+ promises to ScriptPromise::All(). This eliminates (2).

A consequence of this is that we are now more likely to get rejected finished promises, in cases like

    await appHistory.navigate("#1").committed;
    await appHistory.navigate("#2").committed;

Before, the finished promise for the #1 navigation would go through the fast path per (2), and fulfill before the navigation to #2 canceled it. Now that does not happen, so code like the above will give an unhandled promise rejection for #1's finished promise.

To avoid this, we unconditionally mark finished promises as handled. This follows some web platform precedent, e.g. stream closed promises, where the promise is one of several information channels (in this case the developer might also find out via the AbortSignal or the navigateerror event). We do *not* do this for the committed promise though, as if a commit fails, that's probably something more deeply wrong, and cannot be ignored.

All of these changes will require spec updates.

For the tests, we introduce a new ordering/ directory which contains cross-cutting ordering tests, and we consolidate a few tests into the newly-introduced variant-driven exhaustive ones. A couple of other tests were affected by these changes too or fixed as a drive-by.

Change-Id: I8a50ca28d009e0a8a2c94331cd17f29b0a8dc463
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/3405377
Reviewed-by: Nate Chapin <[email protected]>
Commit-Queue: Domenic Denicola <[email protected]>
Cr-Commit-Position: refs/heads/main@{#963772}