⬆️ Bump the prod-update group with 3 updates

[dependabot[bot]]

Bumps the prod-update group with 3 updates: pillow, python-socketio and lxml.

Updates pillow from 10.2.0 to 10.3.0

Release notes

Sourced from pillow's releases.

10.3.0

https://pillow.readthedocs.io/en/stable/releasenotes/10.3.0.html

Changes

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [@​hugovk]
• Use functools.lru_cache for hopper() #7912 [@​hugovk]
• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [@​radarhere]
• Improve speed of loading QOI images #7925 [@​radarhere]
• Added RGB to I;16N conversion #7920 [@​radarhere]
• Add --report argument to main.py to omit supported formats #7818 [@​nulano]
• Added RGB to I;16, I;16L and I;16B conversion #7918 [@​radarhere]
• Fix editable installation with custom build backend and configuration options #7658 [@​nulano]
• Fix putdata() for I;16N on big-endian #7209 [@​Yay295]
• Determine MPO size from markers, not EXIF data #7884 [@​radarhere]
• Improved conversion from RGB to RGBa, LA and La #7888 [@​radarhere]
• Support FITS images with GZIP_1 compression #7894 [@​radarhere]
• Use I;16 mode for 9-bit JPEG 2000 images #7900 [@​scaramallion]
• Raise ValueError if kmeans is negative #7891 [@​radarhere]
• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [@​radarhere]
• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [@​radarhere]
• Added reading of JPEG2000 palettes #7870 [@​radarhere]
• Added alpha_quality argument when saving WebP images #7872 [@​radarhere]
• Fixed joined corners for ImageDraw rounded_rectangle() non-integer dimensions #7881 [@​radarhere]
• Removed Python and NumPy pinning on Cygwin #7880 [@​radarhere]
• Update UnidentifiedImageError and version imports #7644 [@​radarhere]
• Stop reading EPS image at EOF marker #7753 [@​radarhere]
• PSD layer co-ordinates may be negative #7706 [@​radarhere]
• Use subprocess with CREATE_NO_WINDOW flag in ImageShow WindowsViewer #7791 [@​radarhere]
• When saving GIF frame that restores to background color, do not fill identical pixels #7788 [@​radarhere]
• Fixed reading PNG iCCP compression method #7823 [@​radarhere]
• Allow writing IFDRational to UNDEFINED tag #7840 [@​radarhere]
• Fix logged tag name when loading Exif data #7842 [@​radarhere]
• Use maximum frame size in IHDR chunk when saving APNG images #7821 [@​radarhere]
• Prevent opening P TGA images without a palette #7797 [@​radarhere]
• Use palette when loading ICO images #7798 [@​radarhere]
• Use consistent arguments for load_read and load_seek #7713 [@​radarhere]
• Turn off nullability warnings for macOS SDK #7827 [@​radarhere]
• Fix shift-sign issue in Convert.c #7838 [@​r-barnes]
• winbuild: Refactor dependency versions into constants #7843 [@​hugovk]
• Build macOS arm64 wheels natively #7852 [@​radarhere]
• Fixed typo #7855 [@​radarhere]
• Open 16-bit grayscale PNGs as I;16 #7849 [@​radarhere]
• Handle truncated chunks at the end of PNG images #7709 [@​lajiyuan]
• Match mask size to pasted image size in GifImagePlugin #7779 [@​radarhere]
• Changed SupportsGetMesh protocol to be public #7841 [@​radarhere]
• Release GIL while calling WebPAnimDecoderGetNext #7782 [@​evanmiller]
• Fixed reading FLI/FLC images with a prefix chunk #7804 [@​twolife]
• Updated package name for Tidelift #7810 [@​radarhere]
• Removed unused code #7744 [@​radarhere]

... (truncated)

Changelog

Sourced from pillow's changelog.

10.3.0 (2024-04-01)

• CVE-2024-28219: Use strncpy to avoid buffer overflow #7928 [radarhere, hugovk]

• Deprecate eval(), replacing it with lambda_eval() and unsafe_eval() #7927 [radarhere, hugovk]

• Raise ValueError if seeking to greater than offset-sized integer in TIFF #7883 [radarhere]

• Add --report argument to __main__.py to omit supported formats #7818 [nulano, radarhere, hugovk]

• Added RGB to I;16, I;16L, I;16B and I;16N conversion #7918, #7920 [radarhere]

• Fix editable installation with custom build backend and configuration options #7658 [nulano, radarhere]

• Fix putdata() for I;16N on big-endian #7209 [Yay295, hugovk, radarhere]

• Determine MPO size from markers, not EXIF data #7884 [radarhere]

• Improved conversion from RGB to RGBa, LA and La #7888 [radarhere]

• Support FITS images with GZIP_1 compression #7894 [radarhere]

• Use I;16 mode for 9-bit JPEG 2000 images #7900 [scaramallion, radarhere]

• Raise ValueError if kmeans is negative #7891 [radarhere]

• Remove TIFF tag OSUBFILETYPE when saving using libtiff #7893 [radarhere]

• Raise ValueError for negative values when loading P1-P3 PPM images #7882 [radarhere]

• Added reading of JPEG2000 palettes #7870 [radarhere]

• Added alpha_quality argument when saving WebP images #7872 [radarhere]

... (truncated)

Commits

• 5c89d88 10.3.0 version bump
• 63cbfcf Update CHANGES.rst [ci skip]
• 2776126 Merge pull request #7928 from python-pillow/lcms
• aeb51cb Merge branch 'main' into lcms
• 5beb0b6 Update CHANGES.rst [ci skip]
• cac6ffa Merge pull request #7927 from python-pillow/imagemath
• f5eeeac Name as 'options' in lambda_eval and unsafe_eval, but '_dict' in deprecated eval
• facf3af Added release notes
• 2a93aba Use strncpy to avoid buffer overflow
• a670597 Update CHANGES.rst [ci skip]
• Additional commits viewable in compare view

Updates python-socketio from 5.11.1 to 5.11.2

Release notes

Sourced from python-socketio's releases.

Release 5.11.2

See CHANGES.md for release notes.

Changelog

Sourced from python-socketio's changelog.

python-socketio change log

Release 5.11.2 - 2024-03-24

• Improved routing to catch-all namespace handlers #1316 (commit) (thanks asuka!)
• Option to disable routing in ASGIApp (commit)

Release 5.11.1 - 2024-02-05

• Connection retry option in the client #1306 (commit)
• use Socket.IO sid in transport#1299 (commit)
• Add support for Python 3.12 and drop 3.7 #1297 (commit) (thanks Hugo van Kemenade!)

Release 5.11.0 - 2024-01-06

• Support catch-all namespaces #1288 (commit) (thanks mooomooo!)
• Prevent pubsub managers from ever crashing #1262 (commit)
• Hold references to background tasks to avoid garbage collection #1191 (commit)
• Clearer documentation for the max_http_buffer_size argument #1272 (commit)
• Improved catch-all handler documentation (commit)
• Documentation typos (commit)
• Remove documentation references to gevent-websocket, which is not needed anymore (commit)
• Remove documentation reference to outdated aioredis package #1268 (commit)
• Update requirements for Django example (commit)
• Unit test fixes for the new simple clients #1265 (commit)

Release 5.10.0 - 2023-10-15

• New SimpleClient and AsyncSimpleClient classes #1237 ([commit #1](https://github.com/miguelgrinberg/python-socketio/commit/55d6310eb3e194b1e67e40942a953bc4413b98b7)) ([commit #2](https://github.com/miguelgrinberg/python-socketio/commit/699ee9c47adcb44f1a8150d8c92a9555d07f7b5b))
• Reporting to Socket.IO Admin UI (https://admin.socket.io) #1164 (commit)
• Support entering and leaving rooms through pubsub client managers (commit)
• Async versions of enter_room and leave_room should be coroutines (breaking change) (commit)
• Add a shutdown() function for the server (commit)
• Message queue optimizations #1240 (commit)
• Remove unneeded arguments from super() (commit)
• Internal code restructure (no functional changes) ([commit #1](https://github.com/miguelgrinberg/python-socketio/commit/ef0f88f6cf5687dddfd0e3be9a90af2865d5871f)) ([commit #2](https://github.com/miguelgrinberg/python-socketio/commit/58b57068ab770d099bdd54d4eb8d22ce8a4f6751))
• Add FastAPI and Litestar server examples (commit)
• Update Socket.IO JavaScript client to version 4.7.2 in all examples (commit)
• Update ping_timeout documented default to accord with current Engine.IO behavior #1255 (commit) (thanks [object Object]!)
• Refactor common testing helpers into a separate module (commit)
• Migrate Python package metadata to pyproject.toml (commit)

Release 5.9.0 - 2023-09-03

• Optimized performance and memory usage for broadcasts #1233 (commit)
• Improved documentation on horizontal scaling #1099 (commit)
• Corrected user session documentation example #1170 (commit)
• Improved grammar in documentation #1175 (commit) (thanks zykron1!)
• Fix docstring typo: client/server mixup #1163 (commit) (thanks Sasja!)
• Fix typos in the documentation #1230 (commit) (thanks Alex Kuhrt!)

... (truncated)

Commits

• a0f8302 Release 5.11.2
• bd39b8f Improved routing to catch-all namespace handlers (#1316)
• fff4640 Bump django in /examples/server/wsgi/django_socketio (#1314) #nolog
• 7cc84bd Option to disable routing in ASGIApp
• e8bab71 Bump django in /examples/server/wsgi/django_socketio (#1307) #nolog
• 05f67cd Version 5.11.2.dev0
• See full diff in compare view

Updates lxml from 5.1.0 to 5.2.0

Changelog

Sourced from lxml's changelog.

5.2.0 (2024-03-30)

Other changes

• LP#1958539: The lxml.html.clean implementation suffered from several (only if used) security issues in the past and was now extracted into a separate library:

  https://github.com/fedora-python/lxml_html_clean

  Projects that use lxml without "lxml.html.clean" will not notice any difference, except that they won't have potentially vulnerable code installed. The module is available as an "extra" setuptools dependency "lxml[html_clean]", so that Projects that need "lxml.html.clean" will need to switch their requirements from "lxml" to "lxml[html_clean]", or install the new library themselves.

• The minimum CPU architecture for the Linux x86 binary wheels was upgraded to "sandybridge" (launched 2011), and glibc 2.28 / gcc 12 (manylinux_2_28) wheels were added.

• Built with Cython 3.0.10.

5.1.1 (2024-03-28)

Bugs fixed

• LP#2048920: iterlinks() in lxml.html rejected bytes input in 5.1.0.

• High source line numbers from the parser are no longer truncated (up to a C long) when using libxml2 2.11 or later.

Other changes

• GH#407: A compatibility test was adapted to recent expat versions. Patch by Miro Hrončok.

• Binary wheels use the library versions libxml2 2.12.6 and libxslt 1.1.39.

• Windows binary wheels use the library versions libxml2 2.11.7 and libxslt 1.1.39.

• Built with Cython 3.0.9.

Commits

• a8ab41d docs: Minor cleanup.
• ce2828e Prepare release of lxml 5.2.0.
• 187f8fd Build: Use Cython 3.0.10.
• 3f11678 Revert "Build: Make sure we have "-fPIC" in LDFLAGS."
• 11be8e8 CI: Allow Py3.13 to fail for now.
• 3f71c11 Build: Make sure we have "-fPIC" in LDFLAGS.
• f3eefca Update changelog.
• a970538 Remove Cleaner related documentation after removing the code.
• 7377868 Use html.clean from external project and provide "html_clean" extra dependenc...
• 06b70c3 Set master version to 5.2.0a0.
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR: - `@dependabot rebase` will rebase this PR - `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it - `@dependabot merge` will merge this PR after your CI passes on it - `@dependabot squash and merge` will squash and merge this PR after your CI passes on it - `@dependabot cancel merge` will cancel a previously requested merge and block automerging - `@dependabot reopen` will reopen this PR if it is closed - `@dependabot close` will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually - `@dependabot show ignore conditions` will show all of the ignore conditions of the specified dependency - `@dependabot ignore major version` will close this group update PR and stop Dependabot creating any more for the specific dependency's major version (unless you unignore this specific dependency's major version or upgrade to it yourself) - `@dependabot ignore minor version` will close this group update PR and stop Dependabot creating any more for the specific dependency's minor version (unless you unignore this specific dependency's minor version or upgrade to it yourself) - `@dependabot ignore ` will close this group update PR and stop Dependabot creating any more for the specific dependency (unless you unignore this specific dependency or upgrade to it yourself) - `@dependabot unignore ` will remove all of the ignore conditions of the specified dependency - `@dependabot unignore ` will remove the ignore condition of the specified dependency and ignore conditions

[netlify[bot]]

✅ Deploy Preview for nonebot-bison ready!

Name	Link
🔨 Latest commit	12438e902baf08aa850ec3d6e05b3dddc2f3dac3
🔍 Latest deploy log	https://app.netlify.com/sites/nonebot-bison/deploys/660bb3504d7ebb00089190d2
😎 Deploy Preview	https://deploy-preview-522--nonebot-bison.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify site configuration.

[AzideCupric]

@dependabot recreate