EDM115
commented
6 months ago duplicate of #259
Closed renovate[bot] closed 6 months ago
EDM115
commented
6 months ago duplicate of #259
renovate[bot]
commented
6 months ago Because you closed this PR without merging, Renovate will ignore this update (==10.2.0). You will get a PR once a newer version is released. To ignore this dependency forever, add it to the ignoreDeps array of your Renovate config.
If you accidentally closed this PR, or if you changed your mind: rename this PR to get a fresh replacement PR.
This PR contains the following updates:
==10.1.0->==10.2.0GitHub Vulnerability Alerts
CVE-2023-50447
Pillow through 10.1.0 allows PIL.ImageMath.eval Arbitrary Code Execution via the environment parameter, a different vulnerability than CVE-2022-22817 (which was about the expression parameter).
Release Notes
python-pillow/Pillow (Pillow)
### [`v10.2.0`](https://togithub.com/python-pillow/Pillow/blob/HEAD/CHANGES.rst#1020-2024-01-02) [Compare Source](https://togithub.com/python-pillow/Pillow/compare/10.1.0...10.2.0) - Add `keep_rgb` option when saving JPEG to prevent conversion of RGB colorspace [#7553](https://togithub.com/python-pillow/Pillow/issues/7553) \[bgilbert, radarhere] - Trim glyph size in ImageFont.getmask() [#7669](https://togithub.com/python-pillow/Pillow/issues/7669), [#7672](https://togithub.com/python-pillow/Pillow/issues/7672) \[radarhere, nulano] - Deprecate IptcImagePlugin helpers [#7664](https://togithub.com/python-pillow/Pillow/issues/7664) \[nulano, hugovk, radarhere] - Allow uncompressed TIFF images to be saved in chunks [#7650](https://togithub.com/python-pillow/Pillow/issues/7650) \[radarhere] - Concatenate multiple JPEG EXIF markers [#7496](https://togithub.com/python-pillow/Pillow/issues/7496) \[radarhere] - Changed IPTC tile tuple to match other plugins [#7661](https://togithub.com/python-pillow/Pillow/issues/7661) \[radarhere] - Do not assign new fp attribute when exiting context manager [#7566](https://togithub.com/python-pillow/Pillow/issues/7566) \[radarhere] - Support arbitrary masks for uncompressed RGB DDS images [#7589](https://togithub.com/python-pillow/Pillow/issues/7589) \[radarhere, akx] - Support setting ROWSPERSTRIP tag [#7654](https://togithub.com/python-pillow/Pillow/issues/7654) \[radarhere] - Apply ImageFont.MAX_STRING_LENGTH to ImageFont.getmask() [#7662](https://togithub.com/python-pillow/Pillow/issues/7662) \[radarhere] - Optimise `ImageColor` using `functools.lru_cache` [#7657](https://togithub.com/python-pillow/Pillow/issues/7657) \[hugovk] - Restricted environment keys for ImageMath.eval() [#7655](https://togithub.com/python-pillow/Pillow/issues/7655) \[wiredfool, radarhere] - Optimise `ImageMode.getmode` using `functools.lru_cache` [#7641](https://togithub.com/python-pillow/Pillow/issues/7641) \[hugovk, radarhere] - Fix incorrect color blending for overlapping glyphs [#7497](https://togithub.com/python-pillow/Pillow/issues/7497) \[ZachNagengast, nulano, radarhere] - Attempt memory mapping when tile args is a string [#7565](https://togithub.com/python-pillow/Pillow/issues/7565) \[radarhere] - Fill identical pixels with transparency in subsequent frames when saving GIF [#7568](https://togithub.com/python-pillow/Pillow/issues/7568) \[radarhere] - Corrected duration when combining multiple GIF frames into single frame [#7521](https://togithub.com/python-pillow/Pillow/issues/7521) \[radarhere] - Handle disposing GIF background from outside palette [#7515](https://togithub.com/python-pillow/Pillow/issues/7515) \[radarhere] - Seek past the data when skipping a PSD layer [#7483](https://togithub.com/python-pillow/Pillow/issues/7483) \[radarhere] - Import plugins relative to the module [#7576](https://togithub.com/python-pillow/Pillow/issues/7576) \[deliangyang, jaxx0n] - Translate encoder error codes to strings; deprecate `ImageFile.raise_oserror()` [#7609](https://togithub.com/python-pillow/Pillow/issues/7609) \[bgilbert, radarhere] - Support reading BC4U and DX10 BC1 images [#6486](https://togithub.com/python-pillow/Pillow/issues/6486) \[REDxEYE, radarhere, hugovk] - Optimize ImageStat.Stat.extrema [#7593](https://togithub.com/python-pillow/Pillow/issues/7593) \[florath, radarhere] - Handle pathlib.Path in FreeTypeFont [#7578](https://togithub.com/python-pillow/Pillow/issues/7578) \[radarhere, hugovk, nulano] - Added support for reading DX10 BC4 DDS images [#7603](https://togithub.com/python-pillow/Pillow/issues/7603) \[sambvfx, radarhere] - Optimized ImageStat.Stat.count [#7599](https://togithub.com/python-pillow/Pillow/issues/7599) \[florath] - Correct PDF palette size when saving [#7555](https://togithub.com/python-pillow/Pillow/issues/7555) \[radarhere] - Fixed closing file pointer with olefile 0.47 [#7594](https://togithub.com/python-pillow/Pillow/issues/7594) \[radarhere] - Raise ValueError when TrueType font size is not greater than zero [#7584](https://togithub.com/python-pillow/Pillow/issues/7584), [#7587](https://togithub.com/python-pillow/Pillow/issues/7587) \[akx, radarhere] - If absent, do not try to close fp when closing image [#7557](https://togithub.com/python-pillow/Pillow/issues/7557) \[RaphaelVRossi, radarhere] - Allow configuring JPEG restart marker interval on save [#7488](https://togithub.com/python-pillow/Pillow/issues/7488) \[bgilbert, radarhere] - Decrement reference count for PyObject [#7549](https://togithub.com/python-pillow/Pillow/issues/7549) \[radarhere] - Implement `streamtype=1` option for tables-only JPEG encoding [#7491](https://togithub.com/python-pillow/Pillow/issues/7491) \[bgilbert, radarhere] - If save_all PNG only has one frame, do not create animated image [#7522](https://togithub.com/python-pillow/Pillow/issues/7522) \[radarhere] - Fixed frombytes() for images with a zero dimension [#7493](https://togithub.com/python-pillow/Pillow/issues/7493) \[radarhere]Configuration
📅 Schedule: Branch creation - "" in timezone Europe/Paris, Automerge - At any time (no schedule defined).
🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.
♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.
🔕 Ignore: Close this PR and you won't be reminded about this update again.
This PR has been generated by Mend Renovate. View repository job log here.