Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Chore: update dependency Pillow to v10.2.0 [SECURITY] #887

Merged
merged 1 commit into from
Jan 22, 2024

Conversation

renovate[bot]
Copy link
Contributor

@renovate renovate bot commented Jan 22, 2024

Mend Renovate

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
Pillow (changelog) ==10.1.0 -> ==10.2.0 age adoption passing confidence

GitHub Vulnerability Alerts

CVE-2023-50447

Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).


Release Notes

python-pillow/Pillow (Pillow)

v10.2.0

Compare Source

  • Add keep_rgb option when saving JPEG to prevent conversion of RGB colorspace #​7553
    [bgilbert, radarhere]

  • Trim glyph size in ImageFont.getmask() #​7669, #​7672
    [radarhere, nulano]

  • Deprecate IptcImagePlugin helpers #​7664
    [nulano, hugovk, radarhere]

  • Allow uncompressed TIFF images to be saved in chunks #​7650
    [radarhere]

  • Concatenate multiple JPEG EXIF markers #​7496
    [radarhere]

  • Changed IPTC tile tuple to match other plugins #​7661
    [radarhere]

  • Do not assign new fp attribute when exiting context manager #​7566
    [radarhere]

  • Support arbitrary masks for uncompressed RGB DDS images #​7589
    [radarhere, akx]

  • Support setting ROWSPERSTRIP tag #​7654
    [radarhere]

  • Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() #​7662
    [radarhere]

  • Optimise ImageColor using functools.lru_cache #​7657
    [hugovk]

  • Restricted environment keys for ImageMath.eval() #​7655
    [wiredfool, radarhere]

  • Optimise ImageMode.getmode using functools.lru_cache #​7641
    [hugovk, radarhere]

  • Fix incorrect color blending for overlapping glyphs #​7497
    [ZachNagengast, nulano, radarhere]

  • Attempt memory mapping when tile args is a string #​7565
    [radarhere]

  • Fill identical pixels with transparency in subsequent frames when saving GIF #​7568
    [radarhere]

  • Corrected duration when combining multiple GIF frames into single frame #​7521
    [radarhere]

  • Handle disposing GIF background from outside palette #​7515
    [radarhere]

  • Seek past the data when skipping a PSD layer #​7483
    [radarhere]

  • Import plugins relative to the module #​7576
    [deliangyang, jaxx0n]

  • Translate encoder error codes to strings; deprecate ImageFile.raise_oserror() #​7609
    [bgilbert, radarhere]

  • Support reading BC4U and DX10 BC1 images #​6486
    [REDxEYE, radarhere, hugovk]

  • Optimize ImageStat.Stat.extrema #​7593
    [florath, radarhere]

  • Handle pathlib.Path in FreeTypeFont #​7578
    [radarhere, hugovk, nulano]

  • Added support for reading DX10 BC4 DDS images #​7603
    [sambvfx, radarhere]

  • Optimized ImageStat.Stat.count #​7599
    [florath]

  • Correct PDF palette size when saving #​7555
    [radarhere]

  • Fixed closing file pointer with olefile 0.47 #​7594
    [radarhere]

  • Raise ValueError when TrueType font size is not greater than zero #​7584, #​7587
    [akx, radarhere]

  • If absent, do not try to close fp when closing image #​7557
    [RaphaelVRossi, radarhere]

  • Allow configuring JPEG restart marker interval on save #​7488
    [bgilbert, radarhere]

  • Decrement reference count for PyObject #​7549
    [radarhere]

  • Implement streamtype=1 option for tables-only JPEG encoding #​7491
    [bgilbert, radarhere]

  • If save_all PNG only has one frame, do not create animated image #​7522
    [radarhere]

  • Fixed frombytes() for images with a zero dimension #​7493
    [radarhere]


Configuration

📅 Schedule: Branch creation - "" in timezone America/Los_Angeles, Automerge - At any time (no schedule defined).

🚦 Automerge: Enabled.

Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.


  • If you want to rebase/retry this PR, check this box

This PR has been generated by Mend Renovate. View repository job log here.

@renovate renovate bot added the security label Jan 22, 2024
@renovate renovate bot enabled auto-merge (squash) January 22, 2024 22:40
Copy link

codecov bot commented Jan 22, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Comparison is base (71ead76) 0.00% compared to head (7e8580c) 93.39%.

Additional details and impacted files
@@            Coverage Diff            @@
##           main     #887       +/-   ##
=========================================
+ Coverage      0   93.39%   +93.39%     
=========================================
  Files         0       86       +86     
  Lines         0     5298     +5298     
  Branches      0     1216     +1216     
=========================================
+ Hits          0     4948     +4948     
- Misses        0      332      +332     
- Partials      0       18       +18     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@renovate renovate bot merged commit 47bf374 into main Jan 22, 2024
31 checks passed
@renovate renovate bot deleted the renovate/pypi-Pillow-vulnerability branch January 22, 2024 22:42
Copy link

🔒 Inactive pull request lock

This pull request has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

Comment generated by the GitHub Lock Issues workflow.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 22, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
Projects
None yet
Development

Successfully merging this pull request may close these issues.

0 participants