profile
viewpoint
If you are wondering where the data of this site comes from, please visit https://api.github.com/users/pyupio/events. GitMemory does not store any data, but only uses NGINX to cache data for a period of time. The idea behind GitMemory is simply to give users a better reading experience.

pyupio/safety 1102

Safety checks your installed dependencies for known security vulnerabilities

pyupio/safety-db 653

A curated database of insecure Python packages

pyupio/pyup 393

A tool to update your project's dependencies on GitHub. Runs on pyup.io, comes with a command line interface.

pyupio/pyup-django 70

Displays a red warning banner if you are running an insecure Django release.

pyupio/changelogs 51

A changelog finder and parser for packages available on pypi, npm and rubygems.

pyupio/dparse 41

A parser for Python dependency files

pyupio/PyGithub 1

Python library implementing the GitHub API v3

startedpyupio/safety

started time in a day

issue commentpyupio/safety

Report contains lots of duplicated vulnerabilities with tensorflow==2.4.0 and the commercial database

@millenc I closed this issue because it was fixed in our backend side, no update is needed, so you should be able to see the fix with no action from your side. Let me know if it's ok for you, don't hesitate to reach us if there is another issue.

@yeisonvargasf I can confirm that the issue appears to be fixed. I've tried using safety on a fresh project with tensorflow==2.5.0 (one of the affected versions) and the report looks good now.

Thank you very much for your support!

millenc

comment created time in a day

issue commentpyupio/safety

Report contains lots of duplicated vulnerabilities with tensorflow==2.4.0 and the commercial database

@millenc I closed this issue because it was fixed in our backend side, no update is needed, so you should be able to see the fix with no action from your side. Let me know if it's ok for you, don't hesitate to reach us if there is another issue.

millenc

comment created time in 2 days

issue closedpyupio/safety

Report contains lots of duplicated vulnerabilities with tensorflow==2.4.0 and the commercial database

  • safety version: 1.10.3
  • Python version: 3.7.10
  • Operating System: Ubuntu 20.04

Description

The safety report (either --full-report or --short-report) is huge and contains lots of duplicated lines when tensorflow 2.4.0 is installed and an API key is used.

What I Did

  1. Create a fresh virtual environment: virtualenv -p /usr/bin/python3.7 ~/.envs/tensorflow
  2. Activate the environment
  3. Install tensorflow (2.4.0) and the latest version of safety: pip3 install tensorflow==2.4.0 safety
  4. Run the analysis: safety check
  5. Export the API key environment variable: export SAFETY_API_KEY="<MY API KEY HERE>"
  6. Run the analysis again

Running safety with no API key (step 4.) the report looks like this:

+==============================================================================+
|                                                                              |
|                               /$$$$$$            /$$                         |
|                              /$$__  $$          | $$                         |
|           /$$$$$$$  /$$$$$$ | $$  \__//$$$$$$  /$$$$$$   /$$   /$$           |
|          /$$_____/ |____  $$| $$$$   /$$__  $$|_  $$_/  | $$  | $$           |
|         |  $$$$$$   /$$$$$$$| $$_/  | $$$$$$$$  | $$    | $$  | $$           |
|          \____  $$ /$$__  $$| $$    | $$_____/  | $$ /$$| $$  | $$           |
|          /$$$$$$$/|  $$$$$$$| $$    |  $$$$$$$  |  $$$$/|  $$$$$$$           |
|         |_______/  \_______/|__/     \_______/   \___/   \____  $$           |
|                                                          /$$  | $$           |
|                                                         |  $$$$$$/           |
|  by pyup.io                                              \______/            |
|                                                                              |
+==============================================================================+
| REPORT                                                                       |
| checked 47 packages, using free DB (updated once a month)                    |
+============================+===========+==========================+==========+
| package                    | installed | affected                 | ID       |
+============================+===========+==========================+==========+
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40469    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40472    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40682    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40684    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40678    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40681    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40683    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40680    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40679    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40691    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40467    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40694    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40692    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40695    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40465    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40688    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40689    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40690    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40468    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40697    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40767    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40706    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40710    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40677    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40693    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40700    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40696    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40699    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40702    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40701    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40698    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40772    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40675    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40676    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40673    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40747    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40748    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40715    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40708    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40703    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40744    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40464    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40734    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40770    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40728    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40766    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40714    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40685    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40746    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40686    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40718    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40738    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40741    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40466    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40742    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40765    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40712    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40713    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40716    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40724    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40721    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40768    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40705    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40764    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40740    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40723    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40722    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40720    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40717    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40707    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40731    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40732    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40733    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40735    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40736    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40737    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40739    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40743    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40745    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40687    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40749    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40750    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40751    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40752    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40753    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40754    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40755    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40756    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40757    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40758    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40759    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40760    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40761    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40762    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40763    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40704    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40769    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40709    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40771    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40711    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40773    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40774    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40775    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40777    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40778    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40725    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40719    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40726    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40727    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40729    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40730    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40470    |
| tensorflow                 | 2.4.0     | >=2.4.0rc0,<2.4.2        | 40471    |
+==============================================================================+

If I export the API key (step 5.) and run the analysis again (step 6.) the result is the log included on the attached file:

safety-check-tensorflow-2.4.0-with-apikey.log

As you can see, there are more than 16k lines in there. Such a report is not useful at all and causes issues on CI/CD pipelines that impose limits on the size of logs. Using the --full-report option is even worse since the log turns out to have more than 160k lines (~14MB). The same thing happens with the JSON report.

closed time in 2 days

millenc

startedpyupio/safety

started time in 2 days

startedpyupio/safety

started time in 3 days

startedpyupio/pyup

started time in 5 days

fork SCH227/safety

Safety checks your installed dependencies for known security vulnerabilities

https://pyup.io/safety/

fork in 5 days

issue openedpyupio/safety-db

False Positive for KeplerGL

installing keplergl via pip install keplergl raises the following warning:

+==============================================================================+ 
| REPORT | 
| checked 330 packages, using free DB (updated once a month) | 
+============================+===========+==========================+==========+ 
| package | installed | affected | ID | 
+============================+===========+==========================+==========+ 
| keplergl | 0.3.0 | <2.4.0 | 39211 | 
+==============================================================================+ 
| Keplergl 2.4.0 fixes several security vulnerabilities (9a13ce68). No details | 
| were provided. | 
+==============================================================================+ 

This is a false positive: the pip package https://pypi.org/project/keplergl/ is currently at version 0.3.x. On pypi it is linked to the parent repo containing the javascript code for kepler.gl which is currently at version 2.5.x.

The vulnerability check here is thus comparing the version of two different things which happen to live in the same repository.

The offending entry in the database seems to be:

"keplergl": [
        {
            "advisory": "Keplergl 2.4.0 fixes several security vulnerabilities (9a13ce68). No details were provided.",
            "cve": "PVE-2021-39211",
            "id": "pyup.io-39211",
            "specs": [
                "<2.4.0"
            ],
            "v": "<2.4.0"
        }
    ],

created time in 6 days

startedpyupio/safety

started time in 8 days

issue openedpyupio/safety

Feature request: run from Python

  • safety version: 1.10.3
  • Python version: 3.6/3.7/3.8/3.9
  • Operating System: Windows

Description

We would like to implement a check at the beginning of our code whether all used packages are safe, according to 'safety'. Is it / would it be possible to run safety from Python, inspecting the current work environment, and allowing the Python code then to determine whether it can continue safely or whether there is an issue? This would put many (manager)minds at ease :)

I'm aware of the possibility of Python to run commands, but I would prefer a more pythonic approach.

What I Did

Read the documentation and search the internet.

created time in 8 days

startedpyupio/safety

started time in 8 days

issue commentpyupio/pyup

Stop creating a new branch each day and edit one dedicated branch.

Are there any plans to provide this feature eventually? The daily PR open/close spam cycle is becoming extremely ridiculous with many repos affected by similar dependencies that cannot be updated right away. It is littering my notifications to a point that I'm considering to remove pyup entirely.

DEKHTIARJonathan

comment created time in 8 days

startedpyupio/safety

started time in 9 days

delete branch pyupio/safety-bar

delete branch : dependabot/pip/test_files/proj8/pillow-8.2.0

delete time in 9 days

pull request commentpyupio/safety-bar

Bump pillow from 2.9.0 to 8.2.0 in /test_files/proj8

Superseded by #38.

dependabot[bot]

comment created time in 9 days

PR closed pyupio/safety-bar

Bump pillow from 2.9.0 to 8.2.0 in /test_files/proj8 dependencies

Bumps pillow from 2.9.0 to 8.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>8.2.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html</a></p> <h2>Changes</h2> <ul> <li>Security fixes for 8.2.0 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5377">#5377</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Move getxmp() to JpegImageFile <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5376">#5376</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Added getxmp() method <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5144">#5144</a> [<a href="https://github.com/UrielMaD"><code>@​UrielMaD</code></a>]</li> <li>Compile LibTIFF with CMake on Windows <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5359">#5359</a> [<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li> <li>Add ImageShow support for GraphicsMagick <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5349">#5349</a> [<a href="https://github.com/latosha-maltba"><code>@​latosha-maltba</code></a>]</li> <li>Tiff crash fixes in TiffDecode.c <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5372">#5372</a> [<a href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li> <li>Remove redundant check (addition to <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5364">#5364</a>) <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5366">#5366</a> [<a href="https://github.com/kkopachev"><code>@​kkopachev</code></a>]</li> <li>Do not load transparent pixels from subsequent GIF frames <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5333">#5333</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Use LZW encoding when saving GIF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5291">#5291</a> [<a href="https://github.com/raygard"><code>@​raygard</code></a>]</li> <li>Set all transparent colors to be equal in quantize() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5282">#5282</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Allow PixelAccess to use Python <strong>int</strong> when parsing x and y <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5206">#5206</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Removed Image._MODEINFO <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5316">#5316</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Add preserve_tone option to autocontrast <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5350">#5350</a> [<a href="https://github.com/elejke"><code>@​elejke</code></a>]</li> <li>Only import numpy when necessary <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5323">#5323</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Fixed linear_gradient and radial_gradient I and F modes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5274">#5274</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Add support for reading TIFFs with PlanarConfiguration=2 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5364">#5364</a> [<a href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li> <li>More OSS-Fuzz support <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5328">#5328</a> [<a href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li> <li>Do not premultiply alpha when resizing with Image.NEAREST resampling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5304">#5304</a> [<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li> <li>Use quantization method attributes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5353">#5353</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Dynamically link FriBiDi instead of Raqm <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5062">#5062</a> [<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li> <li>Removed build_distance_tables return value <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5363">#5363</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Allow fewer PNG palette entries than the bit depth maximum when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5330">#5330</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Use duration from info dictionary when saving WebP <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5338">#5338</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Improved efficiency when creating GIF disposal images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5326">#5326</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Stop flattening EXIF IFD into getexif() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4947">#4947</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5343">#5343</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Save ICC profile from TIFF encoderinfo <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5321">#5321</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Moved RGB fix inside ImageQt class <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5268">#5268</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Fix -Wformat error in TiffDecode <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5305">#5305</a> [<a href="https://github.com/lukegb"><code>@​lukegb</code></a>]</li> <li>Allow alpha_composite destination to be negative <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5313">#5313</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Ensure file is closed if it is opened by ImageQt.ImageQt <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5260">#5260</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Added ImageDraw rounded_rectangle method <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5208">#5208</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Added IPythonViewer <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5289">#5289</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Only draw each rectangle outline pixel once <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5183">#5183</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Use mmap instead of built-in Win32 mapper <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5224">#5224</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Handle PCX images with an odd stride <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5214">#5214</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Only read different sizes for "Large Thumbnail" MPO frames <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5168">#5168</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Dependencies</h2> <ul> <li>Updated harfbuzz to 2.8.0 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5334">#5334</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Deprecations</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst">pillow's changelog</a>.</em></p> <blockquote> <h2>8.2.0 (2021-04-01)</h2> <ul> <li> <p>Added getxmp() method <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5144">#5144</a> [UrielMaD, radarhere]</p> </li> <li> <p>Add ImageShow support for GraphicsMagick <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5349">#5349</a> [latosha-maltba, radarhere]</p> </li> <li> <p>Do not load transparent pixels from subsequent GIF frames <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5333">#5333</a> [zewt, radarhere]</p> </li> <li> <p>Use LZW encoding when saving GIF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5291">#5291</a> [raygard]</p> </li> <li> <p>Set all transparent colors to be equal in quantize() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5282">#5282</a> [radarhere]</p> </li> <li> <p>Allow PixelAccess to use Python <strong>int</strong> when parsing x and y <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5206">#5206</a> [radarhere]</p> </li> <li> <p>Removed Image._MODEINFO <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5316">#5316</a> [radarhere]</p> </li> <li> <p>Add preserve_tone option to autocontrast <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5350">#5350</a> [elejke, radarhere]</p> </li> <li> <p>Fixed linear_gradient and radial_gradient I and F modes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5274">#5274</a> [radarhere]</p> </li> <li> <p>Add support for reading TIFFs with PlanarConfiguration=2 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5364">#5364</a> [kkopachev, wiredfool, nulano]</p> </li> <li> <p>Deprecated categories <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5351">#5351</a> [radarhere]</p> </li> <li> <p>Do not premultiply alpha when resizing with Image.NEAREST resampling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5304">#5304</a> [nulano]</p> </li> <li> <p>Dynamically link FriBiDi instead of Raqm <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5062">#5062</a> [nulano]</p> </li> <li> <p>Allow fewer PNG palette entries than the bit depth maximum when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5330">#5330</a> [radarhere]</p> </li> <li> <p>Use duration from info dictionary when saving WebP <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5338">#5338</a> [radarhere]</p> </li> <li> <p>Stop flattening EXIF IFD into getexif() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4947">#4947</a> [radarhere, kkopachev]</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/e0e353c0ef7516979a9aedce3792596649ce4433"><code>e0e353c</code></a> 8.2.0 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/ee635befc6497f1c6c4fdb58c232e62d922ec8b7"><code>ee635be</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5377">#5377</a> from hugovk/security-and-release-notes</li> <li><a href="https://github.com/python-pillow/Pillow/commit/694c84f88f4299319bac49b20bd9baae82ca41b8"><code>694c84f</code></a> Fix typo [ci skip]</li> <li><a href="https://github.com/python-pillow/Pillow/commit/8febdad8dd51ad5c75a1db78492973588c7cbf6b"><code>8febdad</code></a> Review, typos and lint</li> <li><a href="https://github.com/python-pillow/Pillow/commit/fea419665b75f11910e44cfe6f89622fda63e78b"><code>fea4196</code></a> Reorder, roughly alphabetic</li> <li><a href="https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1"><code>496245a</code></a> Fix BLP DOS -- CVE-2021-28678</li> <li><a href="https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497"><code>22e9bee</code></a> Fix DOS in PSDImagePlugin -- CVE-2021-28675</li> <li><a href="https://github.com/python-pillow/Pillow/commit/ba65f0b08ee8b93195c3f3277820771f5b62aa52"><code>ba65f0b</code></a> Fix Memory DOS in ImageFont</li> <li><a href="https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856"><code>bb6c11f</code></a> Fix FLI DOS -- CVE-2021-28676</li> <li><a href="https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92"><code>5a5e6db</code></a> Fix EPS DOS on _open -- CVE-2021-28677</li> <li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/2.9.0...8.2.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

1 comment

1 changed file

dependabot[bot]

pr closed time in 9 days

PR opened pyupio/safety-bar

Bump pillow from 2.9.0 to 8.3.2 in /test_files/proj8

Bumps pillow from 2.9.0 to 8.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>8.3.2</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html</a></p> <h2>Security</h2> <ul> <li> <p>CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]</p> </li> <li> <p>Fix 6-byte OOB read in FliDecode [wiredfool]</p> </li> </ul> <h2>Python 3.10 wheels</h2> <ul> <li>Add support for Python 3.10 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5569">#5569</a>, <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5570">#5570</a> [hugovk, radarhere]</li> </ul> <h2>Fixed regressions</h2> <ul> <li> <p>Ensure TIFF <code>RowsPerStrip</code> is multiple of 8 for JPEG compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5588">#5588</a> [kmilos, radarhere]</p> </li> <li> <p>Updates for <code>ImagePalette</code> channel order <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5599">#5599</a> [radarhere]</p> </li> <li> <p>Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5651">#5651</a> [nulano]</p> </li> </ul> <h2>8.3.1</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html</a></p> <h2>Changes</h2> <ul> <li>Catch OSError when checking if fp is sys.stdout <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5585">#5585</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Handle removing orientation from alternate types of EXIF data <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5584">#5584</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Make Image.<strong>array</strong> take optional dtype argument <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5572">#5572</a> [<a href="https://github.com/t-vi"><code>@​t-vi</code></a>]</li> </ul> <h2>8.3.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html</a></p> <h2>Changes</h2> <ul> <li>Use snprintf instead of sprintf <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5567">#5567</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Limit TIFF strip size when saving with LibTIFF <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5514">#5514</a> [<a href="https://github.com/kmilos"><code>@​kmilos</code></a>]</li> <li>Allow ICNS save on all operating systems <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4526">#4526</a> [<a href="https://github.com/newpanjing"><code>@​newpanjing</code></a>]</li> <li>De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4989">#4989</a> [<a href="https://github.com/gofr"><code>@​gofr</code></a>]</li> <li>Do not use background or transparency index for new color <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5564">#5564</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Simplified code <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5315">#5315</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Replaced xml.etree.ElementTree <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5565">#5565</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst">pillow's changelog</a>.</em></p> <blockquote> <h2>8.3.2 (2021-09-02)</h2> <ul> <li> <p>CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]</p> </li> <li> <p>Fix 6-byte OOB read in FliDecode [wiredfool]</p> </li> <li> <p>Add support for Python 3.10 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5569">#5569</a>, <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5570">#5570</a> [hugovk, radarhere]</p> </li> <li> <p>Ensure TIFF <code>RowsPerStrip</code> is multiple of 8 for JPEG compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5588">#5588</a> [kmilos, radarhere]</p> </li> <li> <p>Updates for <code>ImagePalette</code> channel order <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5599">#5599</a> [radarhere]</p> </li> <li> <p>Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5651">#5651</a> [nulano]</p> </li> </ul> <h2>8.3.1 (2021-07-06)</h2> <ul> <li> <p>Catch OSError when checking if fp is sys.stdout <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5585">#5585</a> [radarhere]</p> </li> <li> <p>Handle removing orientation from alternate types of EXIF data <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5584">#5584</a> [radarhere]</p> </li> <li> <p>Make Image.<strong>array</strong> take optional dtype argument <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5572">#5572</a> [t-vi, radarhere]</p> </li> </ul> <h2>8.3.0 (2021-07-01)</h2> <ul> <li> <p>Use snprintf instead of sprintf. CVE-2021-34552 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5567">#5567</a> [radarhere]</p> </li> <li> <p>Limit TIFF strip size when saving with LibTIFF <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5514">#5514</a> [kmilos]</p> </li> <li> <p>Allow ICNS save on all operating systems <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4526">#4526</a> [baletu, radarhere, newpanjing, hugovk]</p> </li> <li> <p>De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4989">#4989</a> [gofr, radarhere]</p> </li> <li> <p>Replaced xml.etree.ElementTree <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5565">#5565</a> [radarhere]</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/8013f130a5077b238a4346b73e149432b180a8ea"><code>8013f13</code></a> 8.3.2 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/23c7ca82f09df6ba1047d2d96714eb825f0d7948"><code>23c7ca8</code></a> Update CHANGES.rst</li> <li><a href="https://github.com/python-pillow/Pillow/commit/8450366be331762ae327036e3c6658c517b05638"><code>8450366</code></a> Update release notes</li> <li><a href="https://github.com/python-pillow/Pillow/commit/a0afe89990f5ba40a019afc2f22e1b656f8cfd03"><code>a0afe89</code></a> Update test case</li> <li><a href="https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"><code>9e08eb8</code></a> Raise ValueError if color specifier is too long</li> <li><a href="https://github.com/python-pillow/Pillow/commit/bd5cf7db87c6abf7c3510a50170851af5538249f"><code>bd5cf7d</code></a> FLI tests for Oss-fuzz crash.</li> <li><a href="https://github.com/python-pillow/Pillow/commit/94a0cf1b14f09626c7403af83fa9fef0dfc9bb47"><code>94a0cf1</code></a> Fix 6-byte OOB read in FliDecode</li> <li><a href="https://github.com/python-pillow/Pillow/commit/cece64f4be10ab28b12a83a3555af579dad343a5"><code>cece64f</code></a> Add 8.3.2 (2021-09-02) [CI skip]</li> <li><a href="https://github.com/python-pillow/Pillow/commit/e42238637651f191c2fc6e3f4024348c126e0ccc"><code>e422386</code></a> Add release notes for Pillow 8.3.2</li> <li><a href="https://github.com/python-pillow/Pillow/commit/08dcbb873217874eee0830fc5aaa1f231c5af4fa"><code>08dcbb8</code></a> Pillow 8.3.2 supports Python 3.10 [ci skip]</li> <li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/2.9.0...8.3.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 9 days

delete branch pyupio/safety-bar

delete branch : dependabot/pip/test_files/proj5/pillow-8.2.0

delete time in 9 days

PR closed pyupio/safety-bar

Bump pillow from 2.9.0 to 8.2.0 in /test_files/proj5 dependencies

Bumps pillow from 2.9.0 to 8.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>8.2.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html</a></p> <h2>Changes</h2> <ul> <li>Security fixes for 8.2.0 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5377">#5377</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Move getxmp() to JpegImageFile <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5376">#5376</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Added getxmp() method <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5144">#5144</a> [<a href="https://github.com/UrielMaD"><code>@​UrielMaD</code></a>]</li> <li>Compile LibTIFF with CMake on Windows <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5359">#5359</a> [<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li> <li>Add ImageShow support for GraphicsMagick <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5349">#5349</a> [<a href="https://github.com/latosha-maltba"><code>@​latosha-maltba</code></a>]</li> <li>Tiff crash fixes in TiffDecode.c <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5372">#5372</a> [<a href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li> <li>Remove redundant check (addition to <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5364">#5364</a>) <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5366">#5366</a> [<a href="https://github.com/kkopachev"><code>@​kkopachev</code></a>]</li> <li>Do not load transparent pixels from subsequent GIF frames <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5333">#5333</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Use LZW encoding when saving GIF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5291">#5291</a> [<a href="https://github.com/raygard"><code>@​raygard</code></a>]</li> <li>Set all transparent colors to be equal in quantize() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5282">#5282</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Allow PixelAccess to use Python <strong>int</strong> when parsing x and y <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5206">#5206</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Removed Image._MODEINFO <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5316">#5316</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Add preserve_tone option to autocontrast <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5350">#5350</a> [<a href="https://github.com/elejke"><code>@​elejke</code></a>]</li> <li>Only import numpy when necessary <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5323">#5323</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Fixed linear_gradient and radial_gradient I and F modes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5274">#5274</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Add support for reading TIFFs with PlanarConfiguration=2 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5364">#5364</a> [<a href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li> <li>More OSS-Fuzz support <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5328">#5328</a> [<a href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li> <li>Do not premultiply alpha when resizing with Image.NEAREST resampling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5304">#5304</a> [<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li> <li>Use quantization method attributes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5353">#5353</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Dynamically link FriBiDi instead of Raqm <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5062">#5062</a> [<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li> <li>Removed build_distance_tables return value <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5363">#5363</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Allow fewer PNG palette entries than the bit depth maximum when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5330">#5330</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Use duration from info dictionary when saving WebP <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5338">#5338</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Improved efficiency when creating GIF disposal images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5326">#5326</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Stop flattening EXIF IFD into getexif() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4947">#4947</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5343">#5343</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Save ICC profile from TIFF encoderinfo <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5321">#5321</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Moved RGB fix inside ImageQt class <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5268">#5268</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Fix -Wformat error in TiffDecode <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5305">#5305</a> [<a href="https://github.com/lukegb"><code>@​lukegb</code></a>]</li> <li>Allow alpha_composite destination to be negative <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5313">#5313</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Ensure file is closed if it is opened by ImageQt.ImageQt <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5260">#5260</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Added ImageDraw rounded_rectangle method <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5208">#5208</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Added IPythonViewer <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5289">#5289</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Only draw each rectangle outline pixel once <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5183">#5183</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Use mmap instead of built-in Win32 mapper <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5224">#5224</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Handle PCX images with an odd stride <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5214">#5214</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Only read different sizes for "Large Thumbnail" MPO frames <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5168">#5168</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Dependencies</h2> <ul> <li>Updated harfbuzz to 2.8.0 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5334">#5334</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Deprecations</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst">pillow's changelog</a>.</em></p> <blockquote> <h2>8.2.0 (2021-04-01)</h2> <ul> <li> <p>Added getxmp() method <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5144">#5144</a> [UrielMaD, radarhere]</p> </li> <li> <p>Add ImageShow support for GraphicsMagick <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5349">#5349</a> [latosha-maltba, radarhere]</p> </li> <li> <p>Do not load transparent pixels from subsequent GIF frames <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5333">#5333</a> [zewt, radarhere]</p> </li> <li> <p>Use LZW encoding when saving GIF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5291">#5291</a> [raygard]</p> </li> <li> <p>Set all transparent colors to be equal in quantize() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5282">#5282</a> [radarhere]</p> </li> <li> <p>Allow PixelAccess to use Python <strong>int</strong> when parsing x and y <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5206">#5206</a> [radarhere]</p> </li> <li> <p>Removed Image._MODEINFO <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5316">#5316</a> [radarhere]</p> </li> <li> <p>Add preserve_tone option to autocontrast <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5350">#5350</a> [elejke, radarhere]</p> </li> <li> <p>Fixed linear_gradient and radial_gradient I and F modes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5274">#5274</a> [radarhere]</p> </li> <li> <p>Add support for reading TIFFs with PlanarConfiguration=2 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5364">#5364</a> [kkopachev, wiredfool, nulano]</p> </li> <li> <p>Deprecated categories <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5351">#5351</a> [radarhere]</p> </li> <li> <p>Do not premultiply alpha when resizing with Image.NEAREST resampling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5304">#5304</a> [nulano]</p> </li> <li> <p>Dynamically link FriBiDi instead of Raqm <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5062">#5062</a> [nulano]</p> </li> <li> <p>Allow fewer PNG palette entries than the bit depth maximum when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5330">#5330</a> [radarhere]</p> </li> <li> <p>Use duration from info dictionary when saving WebP <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5338">#5338</a> [radarhere]</p> </li> <li> <p>Stop flattening EXIF IFD into getexif() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4947">#4947</a> [radarhere, kkopachev]</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/e0e353c0ef7516979a9aedce3792596649ce4433"><code>e0e353c</code></a> 8.2.0 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/ee635befc6497f1c6c4fdb58c232e62d922ec8b7"><code>ee635be</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5377">#5377</a> from hugovk/security-and-release-notes</li> <li><a href="https://github.com/python-pillow/Pillow/commit/694c84f88f4299319bac49b20bd9baae82ca41b8"><code>694c84f</code></a> Fix typo [ci skip]</li> <li><a href="https://github.com/python-pillow/Pillow/commit/8febdad8dd51ad5c75a1db78492973588c7cbf6b"><code>8febdad</code></a> Review, typos and lint</li> <li><a href="https://github.com/python-pillow/Pillow/commit/fea419665b75f11910e44cfe6f89622fda63e78b"><code>fea4196</code></a> Reorder, roughly alphabetic</li> <li><a href="https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1"><code>496245a</code></a> Fix BLP DOS -- CVE-2021-28678</li> <li><a href="https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497"><code>22e9bee</code></a> Fix DOS in PSDImagePlugin -- CVE-2021-28675</li> <li><a href="https://github.com/python-pillow/Pillow/commit/ba65f0b08ee8b93195c3f3277820771f5b62aa52"><code>ba65f0b</code></a> Fix Memory DOS in ImageFont</li> <li><a href="https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856"><code>bb6c11f</code></a> Fix FLI DOS -- CVE-2021-28676</li> <li><a href="https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92"><code>5a5e6db</code></a> Fix EPS DOS on _open -- CVE-2021-28677</li> <li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/2.9.0...8.2.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

1 comment

1 changed file

dependabot[bot]

pr closed time in 9 days

pull request commentpyupio/safety-bar

Bump pillow from 2.9.0 to 8.2.0 in /test_files/proj5

Superseded by #37.

dependabot[bot]

comment created time in 9 days

PR opened pyupio/safety-bar

Bump pillow from 2.9.0 to 8.3.2 in /test_files/proj5

Bumps pillow from 2.9.0 to 8.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>8.3.2</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html</a></p> <h2>Security</h2> <ul> <li> <p>CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]</p> </li> <li> <p>Fix 6-byte OOB read in FliDecode [wiredfool]</p> </li> </ul> <h2>Python 3.10 wheels</h2> <ul> <li>Add support for Python 3.10 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5569">#5569</a>, <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5570">#5570</a> [hugovk, radarhere]</li> </ul> <h2>Fixed regressions</h2> <ul> <li> <p>Ensure TIFF <code>RowsPerStrip</code> is multiple of 8 for JPEG compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5588">#5588</a> [kmilos, radarhere]</p> </li> <li> <p>Updates for <code>ImagePalette</code> channel order <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5599">#5599</a> [radarhere]</p> </li> <li> <p>Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5651">#5651</a> [nulano]</p> </li> </ul> <h2>8.3.1</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html</a></p> <h2>Changes</h2> <ul> <li>Catch OSError when checking if fp is sys.stdout <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5585">#5585</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Handle removing orientation from alternate types of EXIF data <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5584">#5584</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Make Image.<strong>array</strong> take optional dtype argument <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5572">#5572</a> [<a href="https://github.com/t-vi"><code>@​t-vi</code></a>]</li> </ul> <h2>8.3.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html</a></p> <h2>Changes</h2> <ul> <li>Use snprintf instead of sprintf <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5567">#5567</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Limit TIFF strip size when saving with LibTIFF <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5514">#5514</a> [<a href="https://github.com/kmilos"><code>@​kmilos</code></a>]</li> <li>Allow ICNS save on all operating systems <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4526">#4526</a> [<a href="https://github.com/newpanjing"><code>@​newpanjing</code></a>]</li> <li>De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4989">#4989</a> [<a href="https://github.com/gofr"><code>@​gofr</code></a>]</li> <li>Do not use background or transparency index for new color <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5564">#5564</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Simplified code <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5315">#5315</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Replaced xml.etree.ElementTree <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5565">#5565</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst">pillow's changelog</a>.</em></p> <blockquote> <h2>8.3.2 (2021-09-02)</h2> <ul> <li> <p>CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]</p> </li> <li> <p>Fix 6-byte OOB read in FliDecode [wiredfool]</p> </li> <li> <p>Add support for Python 3.10 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5569">#5569</a>, <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5570">#5570</a> [hugovk, radarhere]</p> </li> <li> <p>Ensure TIFF <code>RowsPerStrip</code> is multiple of 8 for JPEG compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5588">#5588</a> [kmilos, radarhere]</p> </li> <li> <p>Updates for <code>ImagePalette</code> channel order <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5599">#5599</a> [radarhere]</p> </li> <li> <p>Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5651">#5651</a> [nulano]</p> </li> </ul> <h2>8.3.1 (2021-07-06)</h2> <ul> <li> <p>Catch OSError when checking if fp is sys.stdout <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5585">#5585</a> [radarhere]</p> </li> <li> <p>Handle removing orientation from alternate types of EXIF data <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5584">#5584</a> [radarhere]</p> </li> <li> <p>Make Image.<strong>array</strong> take optional dtype argument <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5572">#5572</a> [t-vi, radarhere]</p> </li> </ul> <h2>8.3.0 (2021-07-01)</h2> <ul> <li> <p>Use snprintf instead of sprintf. CVE-2021-34552 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5567">#5567</a> [radarhere]</p> </li> <li> <p>Limit TIFF strip size when saving with LibTIFF <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5514">#5514</a> [kmilos]</p> </li> <li> <p>Allow ICNS save on all operating systems <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4526">#4526</a> [baletu, radarhere, newpanjing, hugovk]</p> </li> <li> <p>De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4989">#4989</a> [gofr, radarhere]</p> </li> <li> <p>Replaced xml.etree.ElementTree <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5565">#5565</a> [radarhere]</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/8013f130a5077b238a4346b73e149432b180a8ea"><code>8013f13</code></a> 8.3.2 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/23c7ca82f09df6ba1047d2d96714eb825f0d7948"><code>23c7ca8</code></a> Update CHANGES.rst</li> <li><a href="https://github.com/python-pillow/Pillow/commit/8450366be331762ae327036e3c6658c517b05638"><code>8450366</code></a> Update release notes</li> <li><a href="https://github.com/python-pillow/Pillow/commit/a0afe89990f5ba40a019afc2f22e1b656f8cfd03"><code>a0afe89</code></a> Update test case</li> <li><a href="https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"><code>9e08eb8</code></a> Raise ValueError if color specifier is too long</li> <li><a href="https://github.com/python-pillow/Pillow/commit/bd5cf7db87c6abf7c3510a50170851af5538249f"><code>bd5cf7d</code></a> FLI tests for Oss-fuzz crash.</li> <li><a href="https://github.com/python-pillow/Pillow/commit/94a0cf1b14f09626c7403af83fa9fef0dfc9bb47"><code>94a0cf1</code></a> Fix 6-byte OOB read in FliDecode</li> <li><a href="https://github.com/python-pillow/Pillow/commit/cece64f4be10ab28b12a83a3555af579dad343a5"><code>cece64f</code></a> Add 8.3.2 (2021-09-02) [CI skip]</li> <li><a href="https://github.com/python-pillow/Pillow/commit/e42238637651f191c2fc6e3f4024348c126e0ccc"><code>e422386</code></a> Add release notes for Pillow 8.3.2</li> <li><a href="https://github.com/python-pillow/Pillow/commit/08dcbb873217874eee0830fc5aaa1f231c5af4fa"><code>08dcbb8</code></a> Pillow 8.3.2 supports Python 3.10 [ci skip]</li> <li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/2.9.0...8.3.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 9 days

delete branch pyupio/safety-bar

delete branch : dependabot/pip/test_files/proj2/pillow-8.2.0

delete time in 9 days

PR closed pyupio/safety-bar

Bump pillow from 2.9.0 to 8.2.0 in /test_files/proj2 dependencies

Bumps pillow from 2.9.0 to 8.2.0. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>8.2.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.2.0.html</a></p> <h2>Changes</h2> <ul> <li>Security fixes for 8.2.0 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5377">#5377</a> [<a href="https://github.com/hugovk"><code>@​hugovk</code></a>]</li> <li>Move getxmp() to JpegImageFile <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5376">#5376</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Added getxmp() method <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5144">#5144</a> [<a href="https://github.com/UrielMaD"><code>@​UrielMaD</code></a>]</li> <li>Compile LibTIFF with CMake on Windows <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5359">#5359</a> [<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li> <li>Add ImageShow support for GraphicsMagick <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5349">#5349</a> [<a href="https://github.com/latosha-maltba"><code>@​latosha-maltba</code></a>]</li> <li>Tiff crash fixes in TiffDecode.c <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5372">#5372</a> [<a href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li> <li>Remove redundant check (addition to <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5364">#5364</a>) <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5366">#5366</a> [<a href="https://github.com/kkopachev"><code>@​kkopachev</code></a>]</li> <li>Do not load transparent pixels from subsequent GIF frames <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5333">#5333</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Use LZW encoding when saving GIF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5291">#5291</a> [<a href="https://github.com/raygard"><code>@​raygard</code></a>]</li> <li>Set all transparent colors to be equal in quantize() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5282">#5282</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Allow PixelAccess to use Python <strong>int</strong> when parsing x and y <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5206">#5206</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Removed Image._MODEINFO <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5316">#5316</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Add preserve_tone option to autocontrast <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5350">#5350</a> [<a href="https://github.com/elejke"><code>@​elejke</code></a>]</li> <li>Only import numpy when necessary <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5323">#5323</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Fixed linear_gradient and radial_gradient I and F modes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5274">#5274</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Add support for reading TIFFs with PlanarConfiguration=2 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5364">#5364</a> [<a href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li> <li>More OSS-Fuzz support <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5328">#5328</a> [<a href="https://github.com/wiredfool"><code>@​wiredfool</code></a>]</li> <li>Do not premultiply alpha when resizing with Image.NEAREST resampling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5304">#5304</a> [<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li> <li>Use quantization method attributes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5353">#5353</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Dynamically link FriBiDi instead of Raqm <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5062">#5062</a> [<a href="https://github.com/nulano"><code>@​nulano</code></a>]</li> <li>Removed build_distance_tables return value <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5363">#5363</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Allow fewer PNG palette entries than the bit depth maximum when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5330">#5330</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Use duration from info dictionary when saving WebP <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5338">#5338</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Improved efficiency when creating GIF disposal images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5326">#5326</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Stop flattening EXIF IFD into getexif() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4947">#4947</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Replaced tiff_deflate with tiff_adobe_deflate compression when saving TIFF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5343">#5343</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Save ICC profile from TIFF encoderinfo <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5321">#5321</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Moved RGB fix inside ImageQt class <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5268">#5268</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Fix -Wformat error in TiffDecode <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5305">#5305</a> [<a href="https://github.com/lukegb"><code>@​lukegb</code></a>]</li> <li>Allow alpha_composite destination to be negative <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5313">#5313</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Ensure file is closed if it is opened by ImageQt.ImageQt <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5260">#5260</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Added ImageDraw rounded_rectangle method <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5208">#5208</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Added IPythonViewer <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5289">#5289</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Only draw each rectangle outline pixel once <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5183">#5183</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Use mmap instead of built-in Win32 mapper <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5224">#5224</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Handle PCX images with an odd stride <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5214">#5214</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Only read different sizes for "Large Thumbnail" MPO frames <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5168">#5168</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Dependencies</h2> <ul> <li>Updated harfbuzz to 2.8.0 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5334">#5334</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <h2>Deprecations</h2> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst">pillow's changelog</a>.</em></p> <blockquote> <h2>8.2.0 (2021-04-01)</h2> <ul> <li> <p>Added getxmp() method <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5144">#5144</a> [UrielMaD, radarhere]</p> </li> <li> <p>Add ImageShow support for GraphicsMagick <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5349">#5349</a> [latosha-maltba, radarhere]</p> </li> <li> <p>Do not load transparent pixels from subsequent GIF frames <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5333">#5333</a> [zewt, radarhere]</p> </li> <li> <p>Use LZW encoding when saving GIF images <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5291">#5291</a> [raygard]</p> </li> <li> <p>Set all transparent colors to be equal in quantize() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5282">#5282</a> [radarhere]</p> </li> <li> <p>Allow PixelAccess to use Python <strong>int</strong> when parsing x and y <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5206">#5206</a> [radarhere]</p> </li> <li> <p>Removed Image._MODEINFO <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5316">#5316</a> [radarhere]</p> </li> <li> <p>Add preserve_tone option to autocontrast <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5350">#5350</a> [elejke, radarhere]</p> </li> <li> <p>Fixed linear_gradient and radial_gradient I and F modes <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5274">#5274</a> [radarhere]</p> </li> <li> <p>Add support for reading TIFFs with PlanarConfiguration=2 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5364">#5364</a> [kkopachev, wiredfool, nulano]</p> </li> <li> <p>Deprecated categories <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5351">#5351</a> [radarhere]</p> </li> <li> <p>Do not premultiply alpha when resizing with Image.NEAREST resampling <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5304">#5304</a> [nulano]</p> </li> <li> <p>Dynamically link FriBiDi instead of Raqm <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5062">#5062</a> [nulano]</p> </li> <li> <p>Allow fewer PNG palette entries than the bit depth maximum when saving <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5330">#5330</a> [radarhere]</p> </li> <li> <p>Use duration from info dictionary when saving WebP <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5338">#5338</a> [radarhere]</p> </li> <li> <p>Stop flattening EXIF IFD into getexif() <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4947">#4947</a> [radarhere, kkopachev]</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/e0e353c0ef7516979a9aedce3792596649ce4433"><code>e0e353c</code></a> 8.2.0 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/ee635befc6497f1c6c4fdb58c232e62d922ec8b7"><code>ee635be</code></a> Merge pull request <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5377">#5377</a> from hugovk/security-and-release-notes</li> <li><a href="https://github.com/python-pillow/Pillow/commit/694c84f88f4299319bac49b20bd9baae82ca41b8"><code>694c84f</code></a> Fix typo [ci skip]</li> <li><a href="https://github.com/python-pillow/Pillow/commit/8febdad8dd51ad5c75a1db78492973588c7cbf6b"><code>8febdad</code></a> Review, typos and lint</li> <li><a href="https://github.com/python-pillow/Pillow/commit/fea419665b75f11910e44cfe6f89622fda63e78b"><code>fea4196</code></a> Reorder, roughly alphabetic</li> <li><a href="https://github.com/python-pillow/Pillow/commit/496245aa4365d0827390bd0b6fbd11287453b3a1"><code>496245a</code></a> Fix BLP DOS -- CVE-2021-28678</li> <li><a href="https://github.com/python-pillow/Pillow/commit/22e9bee4ef225c0edbb9323f94c26cee0c623497"><code>22e9bee</code></a> Fix DOS in PSDImagePlugin -- CVE-2021-28675</li> <li><a href="https://github.com/python-pillow/Pillow/commit/ba65f0b08ee8b93195c3f3277820771f5b62aa52"><code>ba65f0b</code></a> Fix Memory DOS in ImageFont</li> <li><a href="https://github.com/python-pillow/Pillow/commit/bb6c11fb889e6c11b0ee122b828132ee763b5856"><code>bb6c11f</code></a> Fix FLI DOS -- CVE-2021-28676</li> <li><a href="https://github.com/python-pillow/Pillow/commit/5a5e6db0abf4e7a638fb1b3408c4e495a096cb92"><code>5a5e6db</code></a> Fix EPS DOS on _open -- CVE-2021-28677</li> <li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/2.9.0...8.2.0">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

1 comment

1 changed file

dependabot[bot]

pr closed time in 9 days

pull request commentpyupio/safety-bar

Bump pillow from 2.9.0 to 8.2.0 in /test_files/proj2

Superseded by #36.

dependabot[bot]

comment created time in 9 days

PR opened pyupio/safety-bar

Bump pillow from 2.9.0 to 8.3.2 in /test_files/proj2

Bumps pillow from 2.9.0 to 8.3.2. <details> <summary>Release notes</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/releases">pillow's releases</a>.</em></p> <blockquote> <h2>8.3.2</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.2.html</a></p> <h2>Security</h2> <ul> <li> <p>CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]</p> </li> <li> <p>Fix 6-byte OOB read in FliDecode [wiredfool]</p> </li> </ul> <h2>Python 3.10 wheels</h2> <ul> <li>Add support for Python 3.10 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5569">#5569</a>, <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5570">#5570</a> [hugovk, radarhere]</li> </ul> <h2>Fixed regressions</h2> <ul> <li> <p>Ensure TIFF <code>RowsPerStrip</code> is multiple of 8 for JPEG compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5588">#5588</a> [kmilos, radarhere]</p> </li> <li> <p>Updates for <code>ImagePalette</code> channel order <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5599">#5599</a> [radarhere]</p> </li> <li> <p>Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5651">#5651</a> [nulano]</p> </li> </ul> <h2>8.3.1</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.1.html</a></p> <h2>Changes</h2> <ul> <li>Catch OSError when checking if fp is sys.stdout <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5585">#5585</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Handle removing orientation from alternate types of EXIF data <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5584">#5584</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Make Image.<strong>array</strong> take optional dtype argument <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5572">#5572</a> [<a href="https://github.com/t-vi"><code>@​t-vi</code></a>]</li> </ul> <h2>8.3.0</h2> <p><a href="https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html">https://pillow.readthedocs.io/en/stable/releasenotes/8.3.0.html</a></p> <h2>Changes</h2> <ul> <li>Use snprintf instead of sprintf <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5567">#5567</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Limit TIFF strip size when saving with LibTIFF <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5514">#5514</a> [<a href="https://github.com/kmilos"><code>@​kmilos</code></a>]</li> <li>Allow ICNS save on all operating systems <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4526">#4526</a> [<a href="https://github.com/newpanjing"><code>@​newpanjing</code></a>]</li> <li>De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4989">#4989</a> [<a href="https://github.com/gofr"><code>@​gofr</code></a>]</li> <li>Do not use background or transparency index for new color <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5564">#5564</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Simplified code <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5315">#5315</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> <li>Replaced xml.etree.ElementTree <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5565">#5565</a> [<a href="https://github.com/radarhere"><code>@​radarhere</code></a>]</li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Changelog</summary> <p><em>Sourced from <a href="https://github.com/python-pillow/Pillow/blob/master/CHANGES.rst">pillow's changelog</a>.</em></p> <blockquote> <h2>8.3.2 (2021-09-02)</h2> <ul> <li> <p>CVE-2021-23437 Raise ValueError if color specifier is too long [hugovk, radarhere]</p> </li> <li> <p>Fix 6-byte OOB read in FliDecode [wiredfool]</p> </li> <li> <p>Add support for Python 3.10 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5569">#5569</a>, <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5570">#5570</a> [hugovk, radarhere]</p> </li> <li> <p>Ensure TIFF <code>RowsPerStrip</code> is multiple of 8 for JPEG compression <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5588">#5588</a> [kmilos, radarhere]</p> </li> <li> <p>Updates for <code>ImagePalette</code> channel order <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5599">#5599</a> [radarhere]</p> </li> <li> <p>Hide FriBiDi shim symbols to avoid conflict with real FriBiDi library <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5651">#5651</a> [nulano]</p> </li> </ul> <h2>8.3.1 (2021-07-06)</h2> <ul> <li> <p>Catch OSError when checking if fp is sys.stdout <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5585">#5585</a> [radarhere]</p> </li> <li> <p>Handle removing orientation from alternate types of EXIF data <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5584">#5584</a> [radarhere]</p> </li> <li> <p>Make Image.<strong>array</strong> take optional dtype argument <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5572">#5572</a> [t-vi, radarhere]</p> </li> </ul> <h2>8.3.0 (2021-07-01)</h2> <ul> <li> <p>Use snprintf instead of sprintf. CVE-2021-34552 <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5567">#5567</a> [radarhere]</p> </li> <li> <p>Limit TIFF strip size when saving with LibTIFF <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5514">#5514</a> [kmilos]</p> </li> <li> <p>Allow ICNS save on all operating systems <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4526">#4526</a> [baletu, radarhere, newpanjing, hugovk]</p> </li> <li> <p>De-zigzag JPEG's DQT when loading; deprecate convert_dict_qtables <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/4989">#4989</a> [gofr, radarhere]</p> </li> <li> <p>Replaced xml.etree.ElementTree <a href="https://github-redirect.dependabot.com/python-pillow/Pillow/issues/5565">#5565</a> [radarhere]</p> </li> </ul> <!-- raw HTML omitted --> </blockquote> <p>... (truncated)</p> </details> <details> <summary>Commits</summary> <ul> <li><a href="https://github.com/python-pillow/Pillow/commit/8013f130a5077b238a4346b73e149432b180a8ea"><code>8013f13</code></a> 8.3.2 version bump</li> <li><a href="https://github.com/python-pillow/Pillow/commit/23c7ca82f09df6ba1047d2d96714eb825f0d7948"><code>23c7ca8</code></a> Update CHANGES.rst</li> <li><a href="https://github.com/python-pillow/Pillow/commit/8450366be331762ae327036e3c6658c517b05638"><code>8450366</code></a> Update release notes</li> <li><a href="https://github.com/python-pillow/Pillow/commit/a0afe89990f5ba40a019afc2f22e1b656f8cfd03"><code>a0afe89</code></a> Update test case</li> <li><a href="https://github.com/python-pillow/Pillow/commit/9e08eb8f78fdfd2f476e1b20b7cf38683754866b"><code>9e08eb8</code></a> Raise ValueError if color specifier is too long</li> <li><a href="https://github.com/python-pillow/Pillow/commit/bd5cf7db87c6abf7c3510a50170851af5538249f"><code>bd5cf7d</code></a> FLI tests for Oss-fuzz crash.</li> <li><a href="https://github.com/python-pillow/Pillow/commit/94a0cf1b14f09626c7403af83fa9fef0dfc9bb47"><code>94a0cf1</code></a> Fix 6-byte OOB read in FliDecode</li> <li><a href="https://github.com/python-pillow/Pillow/commit/cece64f4be10ab28b12a83a3555af579dad343a5"><code>cece64f</code></a> Add 8.3.2 (2021-09-02) [CI skip]</li> <li><a href="https://github.com/python-pillow/Pillow/commit/e42238637651f191c2fc6e3f4024348c126e0ccc"><code>e422386</code></a> Add release notes for Pillow 8.3.2</li> <li><a href="https://github.com/python-pillow/Pillow/commit/08dcbb873217874eee0830fc5aaa1f231c5af4fa"><code>08dcbb8</code></a> Pillow 8.3.2 supports Python 3.10 [ci skip]</li> <li>Additional commits viewable in <a href="https://github.com/python-pillow/Pillow/compare/2.9.0...8.3.2">compare view</a></li> </ul> </details> <br />

Dependabot compatibility score

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


<details> <summary>Dependabot commands and options</summary> <br />

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
  • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
  • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
  • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
  • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

You can disable automated security fix PRs for this repo from the Security Alerts page.

</details>

+1 -1

0 comment

1 changed file

pr created time in 9 days

startedpyupio/dparse

started time in 9 days