Update pillow requirement from ~=8.1.1 to ~=8.1.2

[dependabot]

Updates the requirements on pillow to permit the latest version.

Release notes

Sourced from pillow's releases.

8.1.2

https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html

Changelog

Sourced from pillow's changelog.

8.1.2 (2021-03-06)

• Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins [wiredfool]

8.1.1 (2021-03-01)

• Use more specific regex chars to prevent ReDoS. CVE-2021-25292 [hugovk]

• Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291 [wiredfool]

• Fix negative size read in TiffDecode.c. CVE-2021-25290 [wiredfool]

• Fix OOB read in SgiRleDecode.c. CVE-2021-25293 [wiredfool]

• Incorrect error code checking in TiffDecode.c. CVE-2021-25289 [wiredfool]

• PyModule_AddObject fix for Python 3.10 #5194 [radarhere]

8.1.0 (2021-01-02)

• Fix TIFF OOB Write error. CVE-2020-35654 #5175 [wiredfool]

• Fix for Read Overflow in PCX Decoding. CVE-2020-35653 #5174 [wiredfool, radarhere]

• Fix for SGI Decode buffer overrun. CVE-2020-35655 #5173 [wiredfool, radarhere]

• Fix OOB Read when saving GIF of xsize=1 #5149 [wiredfool]

• Makefile updates #5159 [wiredfool, radarhere]

• Add support for PySide6 #5161 [hugovk]

• Use disposal settings from previous frame in APNG #5126 [radarhere]

... (truncated)

Commits

• 88bd672 8.1.2 version bump
• d348636 Update CHANGES.rst [ci skip]
• 2a66fa7 Added release notes for 8.1.2
• 608bf4f Lint fix
• 756fff3 Fix Memory DOS in Icns, Ico and Blp Image Plugins
• 886ad5a Fix filename spelling
• 0907fb1 Expanded "OOB" to "out-of-bounds" [ci skip]
• c60c092 CHANGES.rst: update dates
• 8fb5e50 Added more CVE numbers [ci skip]
• a10d2c9 Updated spelling [ci skip]
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[OctoNezd]

@dependabot merge

…

On Mon, 8 Mar 2021 at 10:34, dependabot[bot] ***@***.***> wrote: Updates the requirements on pillow <https://github.com/python-pillow/Pillow> to permit the latest version. Release notes *Sourced from pillow's releases <https://github.com/python-pillow/Pillow/releases>.* 8.1.2 https://pillow.readthedocs.io/en/stable/releasenotes/8.1.2.html Changelog *Sourced from pillow's changelog <https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst>.* 8.1.2 (2021-03-06) - Fix Memory DOS in BLP (CVE-2021-27921), ICNS (CVE-2021-27922) and ICO (CVE-2021-27923) Image Plugins [wiredfool] 8.1.1 (2021-03-01) - Use more specific regex chars to prevent ReDoS. CVE-2021-25292 [hugovk] - Fix OOB Read in TiffDecode.c, and check the tile validity before reading. CVE-2021-25291 [wiredfool] - Fix negative size read in TiffDecode.c. CVE-2021-25290 [wiredfool] - Fix OOB read in SgiRleDecode.c. CVE-2021-25293 [wiredfool] - Incorrect error code checking in TiffDecode.c. CVE-2021-25289 [wiredfool] - PyModule_AddObject fix for Python 3.10 #5194 <python-pillow/Pillow#5194> [radarhere] 8.1.0 (2021-01-02) - Fix TIFF OOB Write error. CVE-2020-35654 #5175 <python-pillow/Pillow#5175> [wiredfool] - Fix for Read Overflow in PCX Decoding. CVE-2020-35653 #5174 <python-pillow/Pillow#5174> [wiredfool, radarhere] - Fix for SGI Decode buffer overrun. CVE-2020-35655 #5173 <python-pillow/Pillow#5173> [wiredfool, radarhere] - Fix OOB Read when saving GIF of xsize=1 #5149 <python-pillow/Pillow#5149> [wiredfool] - Makefile updates #5159 <python-pillow/Pillow#5159> [wiredfool, radarhere] - Add support for PySide6 #5161 <python-pillow/Pillow#5161> [hugovk] - Use disposal settings from previous frame in APNG #5126 <python-pillow/Pillow#5126> [radarhere] ... (truncated) Commits - 88bd672 <python-pillow/Pillow@88bd672> 8.1.2 version bump - d348636 <python-pillow/Pillow@d348636> Update CHANGES.rst [ci skip] - 2a66fa7 <python-pillow/Pillow@2a66fa7> Added release notes for 8.1.2 - 608bf4f <python-pillow/Pillow@608bf4f> Lint fix - 756fff3 <python-pillow/Pillow@756fff3> Fix Memory DOS in Icns, Ico and Blp Image Plugins - 886ad5a <python-pillow/Pillow@886ad5a> Fix filename spelling - 0907fb1 <python-pillow/Pillow@0907fb1> Expanded "OOB" to "out-of-bounds" [ci skip] - c60c092 <python-pillow/Pillow@c60c092> CHANGES.rst: update dates - 8fb5e50 <python-pillow/Pillow@8fb5e50> Added more CVE numbers [ci skip] - a10d2c9 <python-pillow/Pillow@a10d2c9> Updated spelling [ci skip] - Additional commits viewable in compare view <python-pillow/Pillow@8.1.1...8.1.2> Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase. ------------------------------ Dependabot commands and options You can trigger Dependabot actions by commenting on this PR: - @dependabot rebase will rebase this PR - @dependabot recreate will recreate this PR, overwriting any edits that have been made to it - @dependabot merge will merge this PR after your CI passes on it - @dependabot squash and merge will squash and merge this PR after your CI passes on it - @dependabot cancel merge will cancel a previously requested merge and block automerging - @dependabot reopen will reopen this PR if it is closed - @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself) - @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself) ------------------------------ You can view, comment on, or merge this pull request online at: #27 Commit Summary - Update pillow requirement from ~=8.1.1 to ~=8.1.2 File Changes - *M* requirements.txt <https://github.com/octo-tg-bot/octobotv4/pull/27/files#diff-4d7c51b1efe9043e44439a949dfd92e5827321b34082903477fd04876edb7552> (2) Patch Links: - https://github.com/octo-tg-bot/octobotv4/pull/27.patch - https://github.com/octo-tg-bot/octobotv4/pull/27.diff — You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub <#27>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ADUZM5EELO26NNEKV4IFTRDTCR4ZBANCNFSM4YY4DE5A> .